Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-22 | CVE-2017-15730 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php. | 8.8 |
2017-10-22 | CVE-2017-15729 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary. | 8.8 |
2017-10-22 | CVE-2015-5699 | Permissions, Privileges, and Access Controls vulnerability in Cumulusnetworks Cumulus Linux 2.5.3 The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label. | 7.8 |
2017-10-22 | CVE-2015-5177 | Double Free vulnerability in multiple products Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. | 7.5 |
2017-10-20 | CVE-2017-13127 | Information Exposure vulnerability in VIP The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack. | 8.1 |
2017-10-20 | CVE-2013-6049 | Improper Input Validation vulnerability in multiple products apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors. | 7.8 |
2017-10-20 | CVE-2017-6145 | Insufficient Session Expiration vulnerability in F5 products iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. | 7.3 |
2017-10-20 | CVE-2017-6144 | Improper Certificate Validation vulnerability in F5 Big-Ip Policy Enforcement Manager 12.1.0/12.1.1/12.1.2 In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. | 7.4 |
2017-10-20 | CVE-2017-12628 | Deserialization of Untrusted Data vulnerability in Apache James Server 2.3.2/2.3.2.1/3.0.0 The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands. | 7.8 |
2017-10-20 | CVE-2017-2133 | SQL Injection vulnerability in Panasonic Kx-Hjb1000 Firmware Ghx1Yg14.50/Hjb10004.47 SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | 8.8 |