Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-10 | CVE-2017-5637 | Missing Authentication for Critical Function vulnerability in multiple products Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate client requests. | 7.5 |
| 2017-10-10 | CVE-2017-14603 | Information Exposure vulnerability in Digium Asterisk In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before 14.6.2 and Certified Asterisk 11.x before 11.6-cert18 and 13.x before 13.13-cert6, insufficient RTCP packet validation could allow reading stale buffer contents and when combined with the "nat" and "symmetric_rtp" options allow redirecting where Asterisk sends the next RTCP report. | 7.5 |
| 2017-10-10 | CVE-2017-13723 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local attacker authenticated to the X server could overflow a global buffer, causing crashes of the X server or potentially other problems by injecting large or malformed XKB related atoms and accessing them via xkbcomp. | 7.8 |
| 2017-10-10 | CVE-2015-7842 | Permission Issues vulnerability in Huawei products Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. | 7.1 |
| 2017-10-09 | CVE-2017-14972 | Improper Authentication vulnerability in Infocus Mondopad 2.2.08 InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file. | 7.5 |
| 2017-10-06 | CVE-2015-2673 | Permissions, Privileges, and Access Controls vulnerability in Wpeasycart WP Easycart The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters. | 8.8 |
| 2017-10-06 | CVE-2015-2143 | Cross-Site Request Forgery (CSRF) vulnerability in PHPbugtracker Project PHPbugtracker Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters. | 8.8 |
| 2017-10-06 | CVE-2015-2142 | Cross-Site Request Forgery (CSRF) vulnerability in PHPbugtracker Project PHPbugtracker Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that cause an unspecified impact via the id parameter to project.php, (2) hijack the authentication of users for requests that cause an unspecified impact via the group_id parameter to group.php, (3) hijack the authentication of users for requests that delete statuses via the status_id parameter to status.php, (4) hijack the authentication of users for requests that delete severities via the severity_id parameter to severity.php, (5) hijack the authentication of users for requests that cause an unspecified impact via the priority_id parameter to priority.php, (6) hijack the authentication of users for requests that delete the operating system via the os_id parameter to os.php, (7) hijack the authentication of users for requests that delete databases via the database_id parameter to database.php, or (8) hijack the authentication of users for requests that delete sites via the site_id parameter to sites.php. | 8.0 |
| 2017-10-06 | CVE-2015-1429 | Path Traversal vulnerability in Cybelesoft Thinfinity Remote Desktop Workstation 3.0.0.3 Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. | 7.5 |
| 2017-10-06 | CVE-2017-15079 | Path Traversal vulnerability in Wpmudev Smush Image Compression and Optimization The Smush Image Compression and Optimization plugin before 2.7.6 for WordPress allows directory traversal. | 7.5 |