Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-23 CVE-2017-11610 Incorrect Default Permissions vulnerability in multiple products
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
network
low complexity
supervisord fedoraproject debian redhat CWE-276
8.8
2017-08-23 CVE-2017-13146 Missing Release of Resource after Effective Lifetime vulnerability in Imagemagick
In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory leak in the ReadMATImage function in coders/mat.c.
network
low complexity
imagemagick CWE-772
8.8
2017-08-23 CVE-2017-13143 Information Exposure vulnerability in Imagemagick
In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage function in coders/mat.c uses uninitialized data, which might allow remote attackers to obtain sensitive information from process memory.
network
low complexity
imagemagick CWE-200
7.5
2017-08-23 CVE-2017-13130 Uncontrolled Search Path Element vulnerability in BMC Patrol
mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.
local
low complexity
bmc CWE-427
7.8
2017-08-22 CVE-2017-5208 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.
network
low complexity
icoutils-project debian redhat CWE-190
8.8
2017-08-22 CVE-2015-5258 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in springframework-social before 1.1.3.
network
low complexity
fedoraproject vmware CWE-352
8.8
2017-08-22 CVE-2015-3617 Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortimanager Firmware
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
local
low complexity
fortinet CWE-264
7.8
2017-08-22 CVE-2017-7557 Cross-Site Request Forgery (CSRF) vulnerability in Powerdns Dnsdist 1.1.0
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
network
low complexity
powerdns CWE-352
8.8
2017-08-21 CVE-2017-8037 Information Exposure vulnerability in Cloudfoundry Capi-Release and Cf-Release
In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035.
network
low complexity
cloudfoundry CWE-200
7.5
2017-08-21 CVE-2017-6329 Uncontrolled Search Path Element vulnerability in Symantec VIP Access for Desktop 2.2.3
Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability.
local
low complexity
symantec CWE-427
7.8