Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-22 CVE-2017-15730 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
network
low complexity
phpmyfaq CWE-352
8.8
2017-10-22 CVE-2017-15729 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
network
low complexity
phpmyfaq CWE-352
8.8
2017-10-22 CVE-2015-5699 Permissions, Privileges, and Access Controls vulnerability in Cumulusnetworks Cumulus Linux 2.5.3
The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label.
local
low complexity
cumulusnetworks CWE-264
7.8
2017-10-22 CVE-2015-5177 Double Free vulnerability in multiple products
Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.
network
low complexity
openslp debian CWE-415
7.5
2017-10-20 CVE-2017-13127 Information Exposure vulnerability in VIP
The VIP.com application for IOS and Android allows remote attackers to obtain sensitive information and hijack the authentication of users via a rogue access point and a man-in-the-middle attack.
network
high complexity
vip CWE-200
8.1
2017-10-20 CVE-2013-6049 Improper Input Validation vulnerability in multiple products
apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.
local
low complexity
apt-listbugs-project debian CWE-20
7.8
2017-10-20 CVE-2017-6145 Insufficient Session Expiration vulnerability in F5 products
iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens.
network
low complexity
f5 CWE-613
7.3
2017-10-20 CVE-2017-6144 Improper Certificate Validation vulnerability in F5 Big-Ip Policy Enforcement Manager 12.1.0/12.1.1/12.1.2
In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified.
network
high complexity
f5 CWE-295
7.4
2017-10-20 CVE-2017-12628 Deserialization of Untrusted Data vulnerability in Apache James Server 2.3.2/2.3.2.1/3.0.0
The JMX server embedded in Apache James, also used by the command line client is exposed to a java de-serialization issue, and thus can be used to execute arbitrary commands.
local
low complexity
apache CWE-502
7.8
2017-10-20 CVE-2017-2133 SQL Injection vulnerability in Panasonic Kx-Hjb1000 Firmware Ghx1Yg14.50/Hjb10004.47
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
panasonic CWE-89
8.8