Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-07 CVE-2014-9830 Improper Access Control vulnerability in ImageMagick
coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file.
network
low complexity
imagemagick CWE-284
8.8
2017-08-07 CVE-2014-9828 Improper Access Control vulnerability in ImageMagick
coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file.
network
low complexity
imagemagick CWE-284
8.8
2017-08-07 CVE-2014-9827 Improper Access Control vulnerability in ImageMagick
coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.
network
low complexity
imagemagick CWE-284
8.8
2017-08-07 CVE-2014-3462 Information Exposure vulnerability in multiple products
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
network
low complexity
opensuse encfs-project CWE-200
7.5
2017-08-07 CVE-2014-1235 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Graphviz 2.34.0
Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
local
low complexity
graphviz CWE-119
7.8
2017-08-07 CVE-2017-12653 Uncontrolled Search Path Element vulnerability in 360Totalsecurity 360 Total Security 3.5.0.1033/9.0.0.1202
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
local
low complexity
360totalsecurity CWE-427
7.8
2017-08-07 CVE-2017-12651 Cross-Site Request Forgery (CSRF) vulnerability in Loginizer
Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.
network
low complexity
loginizer CWE-352
8.8
2017-08-07 CVE-2015-7887 Improper Access Control vulnerability in NetApp SnapCenter Server 1.0
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.
network
low complexity
netapp CWE-284
8.1
2017-08-07 CVE-2015-7875 Permissions, Privileges, and Access Controls vulnerability in Chaos Tool Suite Project Ctools
ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.
network
low complexity
chaos-tool-suite-project CWE-264
7.5
2017-08-07 CVE-2015-1378 Permissions, Privileges, and Access Controls vulnerability in Grml Grml-Debootstrap
cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.
network
low complexity
grml CWE-264
7.5