Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-17 | CVE-2017-3759 | Improper Input Validation vulnerability in Lenovo Service Framework: The Lenovo Service Framework Android application accepts some responses from the server without proper validation. | 8.1 |
2017-10-17 | CVE-2014-9118 | Command Injection vulnerability in Dasanzhone Znid 2426A Firmware: The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd. | 8.8 |
2017-10-17 | CVE-2014-8357 | Credentials Management vulnerability in Dasanzhone Znid 2426A Firmware: backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf. | 8.8 |
2017-10-17 | CVE-2014-2664 | Unrestricted Upload of File with Dangerous Type vulnerability in X2Engine X2Crm: Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory. | 8.8 |
2017-10-17 | CVE-2014-2277 | Improper Access Control vulnerability in Perltidy Project Perltidy: The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function. | 7.1 |
2017-10-17 | CVE-2014-9697 | Resource Exhaustion vulnerability in Huawei products: Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website. | 7.5 |
2017-10-17 | CVE-2014-9489 | Improper Access Control vulnerability in Gollum Project Gollum: The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags. | 8.8 |
2017-10-17 | CVE-2014-8324 | Improper Input Validation vulnerability in Aircrack-Ng 1.0/1.2: network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. | 7.5 |
2017-10-17 | CVE-2014-8323 | Improper Input Validation vulnerability in Aircrack-Ng 1.0/1.2: buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter. | 7.5 |
2017-10-17 | CVE-2017-13082 | Use of Insufficiently Random Values vulnerability in multiple products: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | 8.1 |