Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-29 | CVE-2013-7432 | Permissions, Privileges, and Access Controls vulnerability in Mapsplugin Googlemaps 3.0 The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism. | 7.5 |
| 2017-08-29 | CVE-2016-2972 | Credentials Management vulnerability in IBM Sametime IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of the Sametime Meetings user in the local cache of their browser which could be accessed by a local user. | 7.8 |
| 2017-08-29 | CVE-2017-12775 | Improper Input Validation vulnerability in Question2Answer qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts. | 7.5 |
| 2017-08-29 | CVE-2017-12763 | Incorrect Default Permissions vulnerability in Nomachine An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files. | 8.8 |
| 2017-08-29 | CVE-2017-11455 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CSRF tokens. | 8.8 |
| 2017-08-29 | CVE-2015-8334 | SQL Injection vulnerability in Huawei Vcn500 Firmware V100R002C00Spc200/V100R002C00Spc200B010 SQL injection vulnerability in the Operation and Maintenance Unit (OMU) in Huawei VCN500 before V100R002C00SPC201 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | 8.8 |
| 2017-08-29 | CVE-2015-7255 | Information Exposure vulnerability in ZTE products ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials or other sensitive information via a man-in-the-middle attack, passive decryption attack, or impersonating a legitimate device. | 7.5 |
| 2017-08-29 | CVE-2015-5209 | Improper Input Validation vulnerability in Apache Struts Apache Struts 2.x before 2.3.24.1 allows remote attackers to manipulate Struts internals, alter user sessions, or affect container settings via vectors involving a top object. | 7.5 |
| 2017-08-29 | CVE-2015-4649 | Improper Access Control vulnerability in Arubanetworks Clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654. | 7.2 |
| 2017-08-29 | CVE-2015-3657 | Improper Access Control vulnerability in Arubanetworks Clearpass Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. | 7.2 |