Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-08 | CVE-2017-9022 | Improper Input Validation vulnerability in multiple products The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate. | 7.5 |
2017-06-08 | CVE-2017-8108 | Link Following vulnerability in Cisofy Lynis Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. | 7.8 |
2017-06-08 | CVE-2015-2800 | Improper Authentication vulnerability in Huawei products The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. | 7.5 |
2017-06-08 | CVE-2015-2252 | Code Injection vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101 Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | 8.8 |
2017-06-08 | CVE-2015-2251 | Information Exposure vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101 The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript. | 7.5 |
2017-06-08 | CVE-2017-9519 | Cross-Site Request Forgery (CSRF) vulnerability in Atmail atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. | 8.8 |
2017-06-08 | CVE-2017-9518 | Cross-Site Request Forgery (CSRF) vulnerability in Atmail atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. | 8.8 |
2017-06-08 | CVE-2017-9517 | Cross-Site Request Forgery (CSRF) vulnerability in Atmail atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. | 8.8 |
2017-06-08 | CVE-2017-6648 | Unspecified vulnerability in Cisco Telepresence CE Software and Telepresence TC Software A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. | 7.5 |
2017-06-08 | CVE-2017-6638 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. | 7.8 |