Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-19 | CVE-2017-14017 | Uncontrolled Search Path Element vulnerability in Progea Movicon 11.4/11.4.1150/11.5.1181 An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. | 7.8 |
| 2017-10-19 | CVE-2017-15649 | Race Condition vulnerability in Linux Kernel net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346. | 7.8 |
| 2017-10-19 | CVE-2017-15647 | Path Traversal vulnerability in Fiberhome Routerfiberhome Firmware On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. | 7.5 |
| 2017-10-19 | CVE-2017-15645 | Cross-Site Request Forgery (CSRF) vulnerability in Webmin CSRF exists in Webmin 1.850. | 8.8 |
| 2017-10-19 | CVE-2017-15644 | Server-Side Request Forgery (SSRF) vulnerability in Webmin SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | 8.6 |
| 2017-10-19 | CVE-2017-15643 | HTTP Request Smuggling vulnerability in Ikarussecurity Ikarus Antivirus 2.16.7 An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. | 7.4 |
| 2017-10-19 | CVE-2017-10933 | Path Traversal vulnerability in ZTE Zxdt22 Sf01 Firmware V2.06.00.00 All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary files on the system via a full path name after host address. | 7.5 |
| 2017-10-19 | CVE-2015-6668 | Information Exposure vulnerability in Wp-Jobmanager JOB Manager The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference. | 7.5 |
| 2017-10-19 | CVE-2015-4422 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate 7 Firmware The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application. | 7.0 |
| 2017-10-19 | CVE-2015-4421 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Mate 7 Firmware The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified input. | 7.5 |