Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-11-08 CVE-2017-11511 Information Exposure vulnerability in Manageengine Servicedesk 9.3.9328
The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL.
network
low complexity
manageengine CWE-200
7.5
2017-11-08 CVE-2017-15865 Information Exposure vulnerability in Frrouting
bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in Cumulus Linux before 3.4.3 and other products, allows remote attackers to obtain sensitive information via a malformed BGP UPDATE packet from a connected peer, which triggers transmission of up to a few thousand unintended bytes because of a mishandled attribute length, aka RN-690 (CM-18492).
network
low complexity
frrouting CWE-200
7.5
2017-11-08 CVE-2017-15087 Unspecified vulnerability in Redhat Gluster Storage 3.3
It was discovered that the fix for CVE-2017-12163 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
network
low complexity
redhat
7.5
2017-11-08 CVE-2017-15086 Unspecified vulnerability in Redhat Gluster Storage 3.3
It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6.
network
high complexity
redhat
7.4
2017-11-08 CVE-2017-16667 OS Command Injection vulnerability in Backintime Project Backintime
backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py.
local
low complexity
backintime-project CWE-78
7.8
2017-11-08 CVE-2017-9096 XXE vulnerability in Itextpdf Itext
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
network
low complexity
itextpdf CWE-611
8.8
2017-11-08 CVE-2017-14360 Resource Exhaustion vulnerability in HP Content Manager 9.0
A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00.
network
low complexity
hp CWE-400
7.5
2017-11-08 CVE-2017-12824 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Inpage
Special crafted InPage document leads to arbitrary code execution in InPage reader.
local
low complexity
inpage CWE-119
7.8
2017-11-08 CVE-2017-16660 Exposure of Resource to Wrong Sphere vulnerability in Cacti 1.1.27
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
network
low complexity
cacti CWE-668
7.2
2017-11-08 CVE-2017-16659 Incorrect Permission Assignment for Critical Resource vulnerability in Anti-Spam Smtp Proxy Project Anti-Spam Smtp Proxy 1.9.8.13030
The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.
local
low complexity
anti-spam-smtp-proxy-project CWE-732
7.8