Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-15 | CVE-2014-9463 | Code Injection vulnerability in Vbseo functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php. | 8.8 |
| 2017-09-15 | CVE-2014-7808 | Cryptographic Issues vulnerability in Apache Wicket Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. | 7.5 |
| 2017-09-15 | CVE-2017-9805 | Deserialization of Untrusted Data vulnerability in multiple products The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. | 8.1 |
| 2017-09-15 | CVE-2017-2299 | Improper Certificate Validation vulnerability in Puppet Puppetlabs-Apache Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. | 7.5 |
| 2017-09-15 | CVE-2017-14497 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. | 7.8 |
| 2017-09-15 | CVE-2017-10860 | Untrusted Search Path vulnerability in DAJ I-Filter Installer 6.0 Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. | 7.8 |
| 2017-09-15 | CVE-2017-10859 | Untrusted Search Path vulnerability in DAJ I-Filter Installer 6.0 Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-09-15 | CVE-2017-10858 | Untrusted Search Path vulnerability in DAJ I-Filter Installer 1.0.8.1 Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-09-15 | CVE-2017-10855 | Untrusted Search Path vulnerability in Fujitsu Fence-Explorer 8.4.1 Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-09-15 | CVE-2017-10846 | Missing Authorization vulnerability in Nttdocomo Wi-Fi Station L-02F Firmware L02Fmdm9625V10Hjun232017Dcmjp/V10B Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors. | 7.5 |