Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-26 | CVE-2017-14743 | SQL Injection vulnerability in Faleemi Fsc-880 Firmware 00.01.01.0048P2 Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. | 8.1 |
| 2017-09-26 | CVE-2017-12154 | Unspecified vulnerability in Linux Kernel The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. | 7.1 |
| 2017-09-26 | CVE-2017-14739 | NULL Pointer Dereference vulnerability in Imagemagick 7.0.74 The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors. | 7.5 |
| 2017-09-26 | CVE-2017-14001 | OS Command Injection vulnerability in Digium Asterisk GUI 2.1.0 An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. | 8.8 |
| 2017-09-26 | CVE-2017-9962 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Aveva Clearscada Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior. | 7.5 |
| 2017-09-26 | CVE-2017-9961 | Unspecified vulnerability in Schneider-Electric Pro-Face GP PRO EX 4.07.000 A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX version 4.07.000 that allows an attacker to execute arbitrary code. | 7.8 |
| 2017-09-26 | CVE-2017-9958 | Incorrect Permission Assignment for Critical Resource vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root. | 7.8 |
| 2017-09-26 | CVE-2017-9956 | Use of Hard-coded Credentials vulnerability in Schneider-Electric U.Motion Builder 1.2.1 An authentication bypass vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system contains a hard-coded valid session. | 7.3 |
| 2017-09-26 | CVE-2017-7969 | Cross-Site Request Forgery (CSRF) vulnerability in Schneider-Electric Citect Anywhere and Powerscada Anywhere A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 for multiple state-changing requests. | 8.8 |
| 2017-09-26 | CVE-2014-8170 | Use of Externally-Controlled Format String vulnerability in Ovirt Ovirt-Node 3.0.0474Gb852Fd7 ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, which allows remote authenticated users and physically proximate attackers to execute arbitrary commands via a ; (semicolon) in an input string. | 8.8 |