Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-06 | CVE-2015-5947 | Race Condition vulnerability in Salesagility Suitecrm SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | 8.1 |
| 2017-09-06 | CVE-2015-5705 | Link Following vulnerability in multiple products Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | 7.5 |
| 2017-09-06 | CVE-2015-3454 | Information Exposure vulnerability in Vulcanjs Vulcan TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. | 7.5 |
| 2017-09-06 | CVE-2015-3450 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Aspl Libaxl 0.6.9 Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted XML document. | 8.8 |
| 2017-09-06 | CVE-2015-2210 | Command Injection vulnerability in Epicor CRS Retail Store 3.2.03.01.008 The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell. | 7.8 |
| 2017-09-06 | CVE-2015-0853 | Improper Input Validation vulnerability in Pysvn Project Svn-Workbench 1.6.2 svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes). | 8.8 |
| 2017-09-06 | CVE-2014-6438 | Resource Management Errors vulnerability in Ruby-Lang Ruby The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string. | 7.5 |
| 2017-09-06 | CVE-2017-14164 | Out-of-bounds Write vulnerability in Uclouvain Openjpeg A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. | 8.8 |
| 2017-09-05 | CVE-2017-1491 | Unspecified vulnerability in IBM Qradar Network Security 5.4 IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. | 7.5 |
| 2017-09-05 | CVE-2017-1458 | XXE vulnerability in IBM Qradar Network Security 5.4 IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |