Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-06 CVE-2017-9462 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name.
network
low complexity
mercurial debian redhat CWE-732
8.8
2017-06-06 CVE-2016-0768 Improper Access Control vulnerability in Postgresql
PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.
network
low complexity
postgresql CWE-284
7.5
2017-06-06 CVE-2017-5243 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Rapid7 Nexpose
The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions.
network
high complexity
rapid7 CWE-327
8.5
2017-06-06 CVE-2017-9449 SQL Injection vulnerability in Bigtreecms Bigtree CMS
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php.
network
low complexity
bigtreecms CWE-89
8.8
2017-06-06 CVE-2017-5664 Improper Handling of Exceptional Conditions vulnerability in Apache Tomcat
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page.
network
low complexity
apache CWE-755
7.5
2017-06-06 CVE-2016-10297 Race Condition vulnerability in Google Android
In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.
local
high complexity
google CWE-362
7.0
2017-06-06 CVE-2015-9007 Double Free vulnerability in Google Android
In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
local
low complexity
google CWE-415
7.8
2017-06-06 CVE-2015-9006 Improper Access Control vulnerability in Google Android
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
local
low complexity
google CWE-284
7.8
2017-06-06 CVE-2015-9005 Integer Overflow or Wraparound vulnerability in Google Android
In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
local
low complexity
google CWE-190
7.8
2017-06-06 CVE-2014-9952 Improper Authentication vulnerability in Google Android
In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.
local
low complexity
google CWE-287
7.8