Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-21 | CVE-2015-8559 | Information Exposure vulnerability in Chef The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages. | 7.5 |
| 2017-09-21 | CVE-2015-0276 | Cross-Site Request Forgery (CSRF) vulnerability in Kallithea-Scm Kallithea 0.1 Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2. | 8.8 |
| 2017-09-21 | CVE-2017-14635 | Improper Input Validation vulnerability in Otrs In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. | 8.8 |
| 2017-09-21 | CVE-2017-14246 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 8.1 |
| 2017-09-21 | CVE-2017-14245 | Out-of-bounds Read vulnerability in multiple products An out of bounds read in the function d2alaw_array() in alaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values. | 8.1 |
| 2017-09-21 | CVE-2017-14629 | Integer Overflow or Wraparound vulnerability in Sam2P Project Sam2P 0.49.3 In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integer signedness error, leading to a crash when writing to an out-of-bounds array element. | 7.5 |
| 2017-09-21 | CVE-2017-12253 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 11.5(1) A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. | 8.8 |
| 2017-09-21 | CVE-2017-12252 | Untrusted Search Path vulnerability in Cisco Findit Network Discovery Utility 2.0.3 A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. | 7.8 |
| 2017-09-21 | CVE-2017-12219 | Unspecified vulnerability in Cisco products A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 7.5 |
| 2017-09-21 | CVE-2017-12215 | Improper Input Validation vulnerability in Cisco Asyncos A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. | 7.1 |