Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-09 | CVE-2016-4902 | Untrusted Search Path vulnerability in Jpki products Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vista)" Ver3.0.1 and earlier and The Public Certification Service for Individuals "The JPKI user's software" Ver2.6 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2017-06-08 | CVE-2017-1319 | Inadequate Encryption Strength vulnerability in IBM Tivoli Federated Identity Manager 6.2.0/6.2.1/6.2.2 IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. | 7.5 |
| 2017-06-08 | CVE-2016-9991 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Sterling Selling and Fulfillment Foundation IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.0 |
| 2017-06-08 | CVE-2016-9698 | XXE vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-06-08 | CVE-2016-6098 | Improper Access Control vulnerability in IBM products IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 8.1 |
| 2017-06-08 | CVE-2015-3913 | Improper Input Validation vulnerability in Huawei products The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message. | 7.5 |
| 2017-06-08 | CVE-2015-3634 | Information Exposure vulnerability in Slideshow Project Slideshow The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. | 7.5 |
| 2017-06-08 | CVE-2015-1786 | Cross-Site Request Forgery (CSRF) vulnerability in Zend Framework Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers. | 8.8 |
| 2017-06-08 | CVE-2015-1379 | Improper Input Validation vulnerability in Dest-Unreach Socat The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash). | 7.5 |
| 2017-06-08 | CVE-2016-6594 | 7PK - Security Features vulnerability in Bluecoat Advanced Secure Gateway, Cacheflow and Proxysg Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. | 7.5 |