Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-18 CVE-2017-10708 Path Traversal vulnerability in Apport Project Apport
An issue was discovered in Apport through 2.20.x.
local
low complexity
apport-project CWE-22
7.8
2017-07-18 CVE-2017-11421 Code Injection vulnerability in Gnome-Exe-Thumbnailer Project Gnome-Exe-Thumbnailer 0.9.4
gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue.
local
low complexity
gnome-exe-thumbnailer-project CWE-94
7.8
2017-07-18 CVE-2017-7506 Unspecified vulnerability in Spice Project Spice
spice versions through 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from an authenticated attacker to the spice server, resulting in a crash and/or server memory leak.
network
low complexity
spice-project
8.8
2017-07-18 CVE-2017-6320 OS Command Injection vulnerability in Barracuda Load Balancer ADC
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges.
network
low complexity
barracuda CWE-78
8.8
2017-07-18 CVE-2017-10961 Cross-Site Request Forgery (CSRF) vulnerability in Vanderbilt Redcap
REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
network
low complexity
vanderbilt CWE-352
8.8
2017-07-18 CVE-2017-1318 OS Command Injection vulnerability in IBM MQ Appliance
IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution.
network
low complexity
ibm CWE-78
8.8
2017-07-18 CVE-2017-11403 Use After Free vulnerability in Graphicsmagick 1.3.26
The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.
network
low complexity
graphicsmagick CWE-416
8.8
2017-07-17 CVE-2017-9933 Information Exposure vulnerability in Joomla Joomla!
Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.
network
low complexity
joomla CWE-200
7.5
2017-07-17 CVE-2017-9812 Information Exposure vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.
network
low complexity
kaspersky CWE-200
7.5
2017-07-17 CVE-2017-9810 Cross-Site Request Forgery (CSRF) vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312).
network
low complexity
kaspersky CWE-352
8.8