Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-18 CVE-2017-15572 Information Exposure Through Log Files vulnerability in multiple products
In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can obtain sensitive information (password reset tokens) by reading a Referer log, because account/lost_password does not use a redirect.
network
low complexity
redmine debian CWE-532
7.5
2017-10-17 CVE-2017-9625 Improper Authentication vulnerability in Envitech EnviDAS Ultimate 1.0.0.4
An Improper Authentication issue was discovered in Envitech EnviDAS Ultimate Versions prior to v1.0.0.5.
network
low complexity
envitech CWE-287
8.2
2017-10-17 CVE-2017-15565 NULL Pointer Dereference vulnerability in multiple products
In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document.
network
low complexity
freedesktop debian CWE-476
8.8
2017-10-17 CVE-2017-14011 Cross-Site Request Forgery (CSRF) vulnerability in ProMinent MultiFLEX M10a Controller Firmware
A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface.
network
low complexity
prominent CWE-352
8.8
2017-10-17 CVE-2017-14005 Weak Password Recovery Mechanism for Forgotten Password vulnerability in ProMinent MultiFLEX M10a Controller Firmware
An Unverified Password Change issue was discovered in ProMinent MultiFLEX M10a Controller web interface.
network
low complexity
prominent CWE-640
8.8
2017-10-17 CVE-2017-6273 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in NVIDIA ADSP Firmware
NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader component where there is the potential to write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or possible escalation of privileges.
local
low complexity
nvidia CWE-119
7.8
2017-10-17 CVE-2017-5531 Unspecified vulnerability in TIBCO products
Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications.
network
low complexity
tibco
8.8
2017-10-17 CVE-2017-3760 Insufficiently Protected Credentials vulnerability in Lenovo Service Framework
The Lenovo Service Framework Android application uses a set of nonsecure credentials when performing integrity verification of downloaded applications and/or data.
network
high complexity
lenovo CWE-522
8.1
2017-10-17 CVE-2017-3759 Improper Input Validation vulnerability in Lenovo Service Framework
The Lenovo Service Framework Android application accepts some responses from the server without proper validation.
network
high complexity
lenovo CWE-20
8.1
2017-10-17 CVE-2014-9118 Command Injection vulnerability in Dasan Zhone zNID 2426A Firmware
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
network
low complexity
dasanzhone CWE-77
8.8