Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-07 CVE-2015-5232 Race Condition vulnerability in Cornelisnetworks Opa-Ff and Opa-Fm
Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197.
network
high complexity
cornelisnetworks CWE-362
8.1
2017-06-07 CVE-2015-5175 Improper Input Validation vulnerability in Apache CXF Fediz
Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service.
network
low complexity
apache CWE-20
7.5
2017-06-07 CVE-2017-9355 Server-Side Request Forgery (SSRF) vulnerability in Subsonic 6.1.1
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
network
low complexity
subsonic CWE-918
7.4
2017-06-07 CVE-2017-7966 Uncontrolled Search Path Element vulnerability in Schneider-Electric Somachine 2.1.0
A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system.
network
low complexity
schneider-electric CWE-427
8.8
2017-06-07 CVE-2017-7965 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Somachine Hvac 2.1.0
A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller.
local
low complexity
schneider-electric CWE-119
7.3
2017-06-07 CVE-2017-4904 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage.
local
low complexity
vmware CWE-119
8.8
2017-06-07 CVE-2017-4903 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA.
local
low complexity
vmware CWE-119
8.8
2017-06-07 CVE-2017-4902 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare products
VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA.
local
low complexity
vmware CWE-119
8.8
2017-06-07 CVE-2017-4898 Unspecified vulnerability in VMWare Workstation Player and Workstation PRO
VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loading vulnerability that occurs due to the "vmware-vmx" process loading DLLs from a path defined in the local environment-variable.
local
low complexity
vmware
8.8
2017-06-07 CVE-2016-9977 Improper Input Validation vulnerability in IBM products
IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier.
network
low complexity
ibm CWE-20
8.8