Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-08 CVE-2017-9022 Improper Input Validation vulnerability in multiple products
The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.
network
low complexity
strongswan debian canonical CWE-20
7.5
2017-06-08 CVE-2017-8108 Link Following vulnerability in Cisofy Lynis
Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.
local
low complexity
cisofy CWE-59
7.8
2017-06-08 CVE-2015-2800 Improper Authentication vulnerability in Huawei products
The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation.
network
low complexity
huawei CWE-287
7.5
2017-06-08 CVE-2015-2252 Code Injection vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
network
low complexity
huawei CWE-94
8.8
2017-06-08 CVE-2015-2251 Information Exposure vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.
network
low complexity
huawei CWE-200
7.5
2017-06-08 CVE-2017-9519 Cross-Site Request Forgery (CSRF) vulnerability in Atmail
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
network
low complexity
atmail CWE-352
8.8
2017-06-08 CVE-2017-9518 Cross-Site Request Forgery (CSRF) vulnerability in Atmail
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
network
low complexity
atmail CWE-352
8.8
2017-06-08 CVE-2017-9517 Cross-Site Request Forgery (CSRF) vulnerability in Atmail
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
network
low complexity
atmail CWE-352
8.8
2017-06-08 CVE-2017-6648 Unspecified vulnerability in Cisco Telepresence CE Software and Telepresence TC Software
A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition.
network
low complexity
cisco
7.5
2017-06-08 CVE-2017-6638 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account.
local
low complexity
cisco CWE-20
7.8