Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-10 | CVE-2017-1103 | XXE vulnerability in IBM Rational Quality Manager and Rational Team Concert IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-05-10 | CVE-2016-9250 | Permissions, Privileges, and Access Controls vulnerability in F5 products In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. | 7.5 |
| 2017-05-10 | CVE-2016-5889 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Interact IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-05-10 | CVE-2017-8874 | Cross-Site Request Forgery (CSRF) vulnerability in Acquia Mautic 1.4.1 Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts. | 8.8 |
| 2017-05-10 | CVE-2017-8868 | Path Traversal vulnerability in Flatcore Flatcore-Cms 1.4.7 acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via directory traversal in the delete parameter to acp/acp.php. | 7.5 |
| 2017-05-10 | CVE-2017-5892 | Information Exposure vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266 ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow JSONP Information Disclosure such as a network map. | 7.5 |
| 2017-05-10 | CVE-2017-5891 | Cross-Site Request Forgery (CSRF) vulnerability in Asus Rt-Ac1750 Firmware 3.0.0.4.380.7266 ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 have Login Page CSRF and Save Settings CSRF. | 8.8 |
| 2017-05-09 | CVE-2017-0352 | Incorrect Permission Assignment for Critical Resource vulnerability in Nvidia GPU Driver All versions of the NVIDIA GPU Display Driver contain a vulnerability in the GPU firmware where incorrect access control may allow CPU access sensitive GPU control registers, leading to an escalation of privileges | 7.8 |
| 2017-05-09 | CVE-2017-0351 | NULL Pointer Dereference vulnerability in Nvidia GPU Driver All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. | 7.8 |
| 2017-05-09 | CVE-2017-0350 | Improper Input Validation vulnerability in Nvidia GPU Driver All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used in an offset calculation may lead to denial of service or potential escalation of privileges. | 7.8 |