Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-25 | CVE-2017-13692 | Improper Input Validation vulnerability in Htacg Tidy 5.5.31 In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument. | 7.5 |
2017-08-24 | CVE-2017-13686 | NULL Pointer Dereference vulnerability in Linux Kernel 4.13 net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls. | 7.8 |
2017-08-24 | CVE-2015-8355 | SQL Injection vulnerability in Orion-Soft Bitrix 2.1.2 Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php. | 8.8 |
2017-08-24 | CVE-2015-8308 | Improper Authentication vulnerability in Lxdm Project Lxdm LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | 7.8 |
2017-08-24 | CVE-2015-7516 | NULL Pointer Dereference vulnerability in Onosproject Onos ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870). | 7.5 |
2017-08-24 | CVE-2015-7259 | Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57 ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs. | 8.8 |
2017-08-24 | CVE-2015-7258 | Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57 ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection. | 8.8 |
2017-08-24 | CVE-2015-7257 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57 ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin". | 7.5 |
2017-08-24 | CVE-2015-1800 | Information Exposure vulnerability in Samsung Galaxy S4 Firmware I9500Xxuemk8 The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. | 7.5 |
2017-08-24 | CVE-2017-9511 | Path Traversal vulnerability in Atlassian Crucible The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system. | 7.5 |