Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-18 | CVE-2017-12946 | SQL Injection vulnerability in Easymodal Project Easy Modal: classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. | 7.2 |
2017-08-18 | CVE-2017-12881 | Cross-Site Request Forgery (CSRF) vulnerability in Spring Batch Admin Project Spring Batch Admin 1.0.0/1.2.0: Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability. | 8.8 |
2017-08-18 | CVE-2016-10389 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android: In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition. | 7.8 |
2017-08-18 | CVE-2016-10383 | Race Condition vulnerability in Google Android: In all Qualcomm products with Android releases from CAF using the Linux kernel, there is a TOCTOU race condition in Secure UI. | 8.1 |
2017-08-18 | CVE-2015-5153 | Permission Issues vulnerability in Pulp Project Pulp: Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name. | 8.8 |
2017-08-18 | CVE-2015-5081 | Cross-Site Request Forgery (CSRF) vulnerability in Django-Cms Django CMS 3.0.13/3.1: Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors. | 8.8 |
2017-08-18 | CVE-2015-2675 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gnome Librest 0.7.92: The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account. | 7.5 |
2017-08-18 | CVE-2015-0576 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android: In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. | 7.0 |
2017-08-18 | CVE-2014-3451 | Improper Certificate Validation vulnerability in Igniterealtime Openfire: OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | 7.5 |
2017-08-18 | CVE-2017-12593 | Cross-Site Request Forgery (CSRF) vulnerability in Asus Dsl-N10S Firmware V2.1.16Apac: ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. | 8.8 |