Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-06 | CVE-2015-3454 | Information Exposure vulnerability in Vulcanjs Vulcan: TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. | 7.5 |
2017-09-06 | CVE-2015-3450 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Aspl Libaxl 0.6.9: Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. | 8.8 |
2017-09-06 | CVE-2015-2210 | Command Injection vulnerability in Epicor CRS Retail Store 3.2.03.01.008: The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting JavaScript into the window source to create a button that spawns a command shell. | 7.8 |
2017-09-06 | CVE-2015-0853 | Improper Input Validation vulnerability in Pysvn Project Svn-Workbench 1.6.2: svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | 8.8 |
2017-09-06 | CVE-2014-6438 | Resource Management Errors vulnerability in Ruby-Lang Ruby: The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. | 7.5 |
2017-09-06 | CVE-2017-14164 | Out-of-bounds Write vulnerability in Uclouvain Openjpeg: A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. | 8.8 |
2017-09-05 | CVE-2017-1491 | Unspecified vulnerability in IBM Qradar Network Security 5.4: IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. | 7.5 |
2017-09-05 | CVE-2017-1458 | XXE vulnerability in IBM Qradar Network Security 5.4: IBM QRadar Network Security 5.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
2017-09-05 | CVE-2017-1097 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Emptoris Strategic Supply Management: IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2017-09-05 | CVE-2017-2870 | Integer Overflow or Wraparound vulnerability in multiple products: An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. | 7.8 |