Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-18 | CVE-2015-5227 | Injection vulnerability in Inboundnow Wordpress Landing Pages The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. | 8.8 |
| 2017-10-18 | CVE-2016-5714 | Improper Access Control vulnerability in Puppet Agent and Puppet Enterprise Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability." | 7.2 |
| 2017-10-18 | CVE-2015-7715 | Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Property Listing 8.9/8.9.2 Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php. | 8.8 |
| 2017-10-18 | CVE-2015-7714 | SQL Injection vulnerability in Realtyna Property Listing 8.9/8.9.2 Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php. | 7.2 |
| 2017-10-18 | CVE-2015-5164 | Deserialization of Untrusted Data vulnerability in Pulpproject Qpid The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp. | 7.2 |
| 2017-10-18 | CVE-2017-8022 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Networker An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all supported 9.0.x versions, prior to 9.1.1.3, prior to 9.2.0.4). | 8.1 |
| 2017-10-18 | CVE-2015-2156 | Improper Input Validation vulnerability in multiple products Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters. | 7.5 |
| 2017-10-18 | CVE-2014-3709 | Cross-Site Request Forgery (CSRF) vulnerability in Keycloak The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. | 8.8 |
| 2017-10-18 | CVE-2014-3164 | NULL Pointer Dereference vulnerability in Google Android cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths. | 7.5 |
| 2017-10-18 | CVE-2017-13083 | Download of Code Without Integrity Check vulnerability in Rufus Project Rufus 2.17 Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code | 8.1 |