Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-02-22 | CVE-2014-4677 | Command Injection vulnerability in Gpgtools Libmacgpg 0.6 | The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument. | local | low complexity | gpgtools | CWE-77 | 7.8 |
| 2017-02-22 | CVE-2017-3841 | Information Exposure vulnerability in Cisco Secure Access Control System 5.8(2.5) | A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. | network | low complexity | cisco | CWE-200 | 7.5 |
| 2017-02-22 | CVE-2017-3837 | Improper Input Validation vulnerability in Cisco Meeting Server | An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. | network | low complexity | cisco | CWE-20 | 8.1 |
| 2017-02-22 | CVE-2017-3835 | SQL Injection vulnerability in Cisco Identity Services Engine Software 1.4(0.908) | A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. | network | low complexity | cisco | CWE-89 | 8.8 |
| 2017-02-22 | CVE-2017-3830 | Improper Input Validation vulnerability in Cisco Meeting Server 2.1.0 | A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. | network | low complexity | cisco | CWE-20 | 7.5 |
| 2017-02-21 | CVE-2016-9049 | NULL Pointer Dereference vulnerability in Aerospike Database Server 3.10.0.3 | An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. | network | low complexity | aerospike | CWE-476 | 7.5 |
| 2017-02-21 | CVE-2017-6127 | Cross-Site Request Forgery (CSRF) vulnerability in Digisol Dg-Hr1400 Firmware 1.00.02 | Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. | network | low complexity | digisol | CWE-352 | 8.8 |
| 2017-02-21 | CVE-2015-4057 | Information Exposure vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4 | The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. | network | low complexity | dell | CWE-200 | 7.5 |
| 2017-02-21 | CVE-2017-6098 | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0 | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | network | low complexity | mail-masta-project | CWE-89 | 7.2 |
| 2017-02-21 | CVE-2017-6097 | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0 | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | network | low complexity | mail-masta-project | CWE-89 | 7.2 |