Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-23 | CVE-2015-8089 | Permissions, Privileges, and Access Controls vulnerability in Huawei P7-L00 Firmware, P7-L05 Firmware and P7-L09 Firmware The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application. | 7.8 |
| 2017-05-23 | CVE-2015-6817 | Improper Authentication vulnerability in Pgbouncer 1.6 PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username. | 8.1 |
| 2017-05-23 | CVE-2015-6586 | Information Exposure vulnerability in Huawei products The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network. | 7.5 |
| 2017-05-23 | CVE-2015-5682 | Permissions, Privileges, and Access Controls vulnerability in Powerplay Gallery Project Powerplay Gallery 3.3 upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable. | 7.5 |
| 2017-05-23 | CVE-2015-5469 | Path Traversal vulnerability in MDC Youtube Downloader Project MDC Youtube Downloader 2.1.0 Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter to includes/download.php. | 7.5 |
| 2017-05-23 | CVE-2015-5468 | Path Traversal vulnerability in Wpshopstyling WP E-Commerce Shop Styling 2.5 Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2017-05-23 | CVE-2015-5401 | Improper Input Validation vulnerability in Teradata Express and Teradata Gateway Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message. | 7.5 |
| 2017-05-23 | CVE-2015-5383 | Information Exposure vulnerability in Roundcube Webmail and Webmail Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. | 7.5 |
| 2017-05-23 | CVE-2015-4704 | Path Traversal vulnerability in Download ZIP Attachments Project Download ZIP Attachments 1.0 Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2017-05-23 | CVE-2015-4054 | NULL Pointer Dereference vulnerability in Pgbouncer PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet. | 7.5 |