Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-09-20 CVE-2017-14616 Resource Exhaustion vulnerability in WatchGuard Fireware
An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0.
network
low complexity
watchguard CWE-400
7.5
2017-09-20 CVE-2015-9231 Information Exposure vulnerability in iTerm2
iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries.
network
low complexity
iterm2 CWE-200
7.5
2017-09-20 CVE-2017-14610 Improper Initialization vulnerability in Bareos
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.
local
low complexity
bareos CWE-665
7.8
2017-09-20 CVE-2017-14609 Improper Initialization vulnerability in Kannel
The server daemons in Kannel 1.5.0 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by bearerbox.
local
low complexity
kannel CWE-665
7.8
2017-09-20 CVE-2015-5395 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
network
low complexity
debian alinto CWE-352
8.8
2017-09-20 CVE-2015-3890 Use After Free vulnerability in Litespeedtech OpenLiteSpeed
Use-after-free vulnerability in Open Litespeed before 1.3.10.
network
low complexity
litespeedtech CWE-416
7.5
2017-09-20 CVE-2015-0162 Permissions, Privileges, and Access Controls vulnerability in IBM Security SiteProtector System 3.0/3.1.0.0/3.1.1.0
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
local
high complexity
ibm CWE-264
7.0
2017-09-20 CVE-2017-9804 Improper Input Validation vulnerability in Apache Struts
In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL that overloads the server process when the URL is validated.
network
low complexity
apache CWE-20
7.5
2017-09-20 CVE-2017-9793 Improper Input Validation vulnerability in Apache Struts
The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 through 2.5.12 uses an outdated XStream library which is vulnerable and allows a DoS attack using a malicious request with a specially crafted XML payload.
network
low complexity
apache CWE-20
7.5
2017-09-20 CVE-2017-14607 Out-of-bounds Read vulnerability in multiple products
In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ReadTIFFImage has been reported in coders/tiff.c.
network
low complexity
imagemagick debian canonical CWE-125
8.1