Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-27 | CVE-2017-14763 | Unspecified vulnerability in Genixcms 1.1.4 In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme. | 8.8 |
| 2017-09-26 | CVE-2017-14749 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jerryscript 1.0 JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal data. | 7.8 |
| 2017-09-26 | CVE-2017-1539 | Unspecified vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privilege escalation by not properly distinguishing internal group memberships from user registry group memberships. | 8.8 |
| 2017-09-26 | CVE-2017-1527 | XXE vulnerability in IBM Business Process Manager IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2017-09-26 | CVE-2017-14745 | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29 The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c. | 7.8 |
| 2017-09-26 | CVE-2017-5200 | Unspecified vulnerability in Saltstack Salt Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client. | 8.8 |
| 2017-09-26 | CVE-2017-5192 | Improper Authentication vulnerability in Saltstack Salt When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. | 8.8 |
| 2017-09-26 | CVE-2017-14704 | Unrestricted Upload of File with Dangerous Type vulnerability in Claydip Airbnb Clone 1.0 Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile. | 8.8 |
| 2017-09-26 | CVE-2017-14602 | Improper Authentication vulnerability in Citrix products A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. | 7.2 |
| 2017-09-26 | CVE-2017-13129 | Cross-Site Request Forgery (CSRF) vulnerability in Zkteco Zktime web 2.0.1.12280 Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens. | 8.0 |