Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-02-22 | CVE-2014-4677 | Command Injection vulnerability in Gpgtools Libmacgpg 0.6 The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument. | 7.8 |
2017-02-22 | CVE-2017-3841 | Information Exposure vulnerability in Cisco Secure Access Control System 5.8(2.5) A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. | 7.5 |
2017-02-22 | CVE-2017-3837 | Improper Input Validation vulnerability in Cisco Meeting Server An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. | 8.1 |
2017-02-22 | CVE-2017-3835 | SQL Injection vulnerability in Cisco Identity Services Engine Software 1.4(0.908) A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. | 8.8 |
2017-02-22 | CVE-2017-3830 | Improper Input Validation vulnerability in Cisco Meeting Server 2.1.0 A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. | 7.5 |
2017-02-21 | CVE-2016-9049 | NULL Pointer Dereference vulnerability in Aerospike Database Server 3.10.0.3 An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. | 7.5 |
2017-02-21 | CVE-2017-6127 | Cross-Site Request Forgery (CSRF) vulnerability in Digisol Dg-Hr1400 Firmware 1.00.02 Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi. | 8.8 |
2017-02-21 | CVE-2015-4057 | Information Exposure vulnerability in Dell VCE Vision Intelligent Operations 2.5/2.6/2.6.4 The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network. | 7.5 |
2017-02-21 | CVE-2017-6098 | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0 A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | 7.2 |
2017-02-21 | CVE-2017-6097 | SQL Injection vulnerability in Mail-Masta Project Mail-Masta 1.0 A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. | 7.2 |