Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-26 CVE-2017-5200 Unspecified vulnerability in SaltStack Salt
Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.
network
low complexity
saltstack
8.8
2017-09-26 CVE-2017-5192 Improper Authentication vulnerability in SaltStack Salt
When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.
network
low complexity
saltstack CWE-287
8.8
2017-09-26 CVE-2017-14704 Unrestricted Upload of File with Dangerous Type vulnerability in Claydip Airbnb Clone 1.0
Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/profile.
network
low complexity
claydip CWE-434
8.8
2017-09-26 CVE-2017-14602 Improper Authentication vulnerability in Citrix products
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.
network
low complexity
citrix CWE-287
7.2
2017-09-26 CVE-2017-13129 Cross-Site Request Forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280
Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2.0.1.12280 allows remote authenticated users to hijack the authentication of administrators for requests that add administrators by leveraging lack of anti-CSRF tokens.
network
low complexity
zkteco CWE-352
8.0
2017-09-26 CVE-2017-14743 SQL Injection vulnerability in Faleemi FSC-880 Firmware 00.01.01.0048P2
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.
network
high complexity
faleemi CWE-89
8.1
2017-09-26 CVE-2017-12154 Unspecified vulnerability in Linux Kernel
The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.
local
low complexity
linux
7.1
2017-09-26 CVE-2017-14739 NULL Pointer Dereference vulnerability in ImageMagick 7.0.74
The AcquireResampleFilterThreadSet function in magick/resample-private.h in ImageMagick 7.0.7-4 mishandles failed memory allocation, which allows remote attackers to cause a denial of service (NULL Pointer Dereference in DistortImage in MagickCore/distort.c, and application crash) via unspecified vectors.
network
low complexity
imagemagick CWE-476
7.5
2017-09-26 CVE-2017-14001 OS Command Injection vulnerability in Digium Asterisk GUI 2.1.0
An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior.
network
low complexity
digium CWE-78
8.8
2017-09-26 CVE-2017-9962 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Aveva ClearSCADA
Schneider Electric's ClearSCADA versions released prior to August 2017 are susceptible to a memory allocation vulnerability, whereby malformed requests can be sent to ClearSCADA client applications to cause unexpected behavior.
network
low complexity
aveva CWE-119
7.5