Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-25 CVE-2017-13692 Improper Input Validation vulnerability in Htacg Tidy 5.5.31
In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers to cause a denial of service (Segmentation Fault), as demonstrated by an invalid ISALNUM argument.
network
low complexity
htacg CWE-20
7.5
2017-08-24 CVE-2017-13686 NULL Pointer Dereference vulnerability in Linux Kernel 4.13
net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via crafted system calls.
local
low complexity
linux CWE-476
7.8
2017-08-24 CVE-2015-8355 SQL Injection vulnerability in Orion-Soft Bitrix 2.1.2
Multiple SQL injection vulnerabilities in the orion.extfeedbackform module before 2.1.3 for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) order or (2) "by" parameter to admin/orion.extfeedbackform_efbf_forms.php.
network
low complexity
orion-soft CWE-89
8.8
2017-08-24 CVE-2015-8308 Improper Authentication vulnerability in Lxdm Project Lxdm
LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.
local
low complexity
lxdm-project CWE-287
7.8
2017-08-24 CVE-2015-7516 NULL Pointer Dereference vulnerability in Onosproject Onos
ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).
network
low complexity
onosproject CWE-476
7.5
2017-08-24 CVE-2015-7259 Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to have multiple valid username and password pairs, which allows remote authenticated users to login to a target account via any of its username and password pairs.
network
low complexity
zte CWE-255
8.8
2017-08-24 CVE-2015-7258 Credentials Management vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.
network
low complexity
zte CWE-255
8.8
2017-08-24 CVE-2015-7257 Weak Password Recovery Mechanism for Forgotten Password vulnerability in ZTE Zxv10 W300 Firmware W300V2.1.0Fer7Peo57/W300V2.1.0Her7Peo57
ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "support" to "admin".
network
high complexity
zte CWE-640
7.5
2017-08-24 CVE-2015-1800 Information Exposure vulnerability in Samsung Galaxy S4 Firmware I9500Xxuemk8
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information.
network
low complexity
samsung CWE-200
7.5
2017-08-24 CVE-2017-9511 Path Traversal vulnerability in Atlassian Crucible
The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.
network
low complexity
atlassian CWE-22
7.5