Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-27 | CVE-2017-6086 | Cross-Site Request Forgery (CSRF) vulnerability in Vimbadmin 3.0.15 Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to <vimbadmin directory>/application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to <vimbadmin directory>/application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to <vimbadmin directory>/application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to <vimbadmin directory>/application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to <vimbadmin directory>/application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to <vimbadmin directory>/application/controllers/AliasController.php. | 8.8 |
| 2017-06-27 | CVE-2017-2491 | Use After Free vulnerability in Apple Iphone OS Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file. | 8.8 |
| 2017-06-27 | CVE-2016-7062 | Credentials Management vulnerability in Redhat Storage Console and Storage Console Node rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Console Node 2 x86_64 allows local users to obtain the password as cleartext. | 7.8 |
| 2017-06-27 | CVE-2016-6342 | Improper Access Control vulnerability in multiple products elog 3.1.1 allows remote attackers to post data as any username in the logbook. | 7.5 |
| 2017-06-27 | CVE-2016-5414 | Improper Access Control vulnerability in Freeipa 4.4.0 FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. | 7.5 |
| 2017-06-27 | CVE-2016-4383 | Improper Access Control vulnerability in HP Helion Openstack Glance The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change. | 8.4 |
| 2017-06-27 | CVE-2015-7781 | Permission Issues vulnerability in Zohocorp Manageengine Firewall Analyzer 7.2/7.4/7.6 ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions. | 7.5 |
| 2017-06-27 | CVE-2015-5378 | Information Exposure vulnerability in multiple products Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. | 7.5 |
| 2017-06-27 | CVE-2015-5180 | NULL Pointer Dereference vulnerability in multiple products res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). | 7.5 |
| 2017-06-27 | CVE-2015-2245 | Improper Input Validation vulnerability in Huawei P7-L09 Firmware Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash). | 7.5 |