Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-05-18 CVE-2017-9067 Path Traversal vulnerability in multiple products
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.
local
high complexity
modx php CWE-22
7.0
7.0
2017-05-18 CVE-2017-9066 Server-Side Request Forgery (SSRF) vulnerability in multiple products
In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.
network
low complexity
wordpress debian CWE-918
8.6
8.6
2017-05-18 CVE-2017-9065 Improper Input Validation vulnerability in multiple products
In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.
network
low complexity
wordpress debian CWE-20
7.5
7.5
2017-05-18 CVE-2017-9064 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.
network
low complexity
wordpress debian CWE-352
8.8
8.8
2017-05-18 CVE-2017-9062 Open Redirect vulnerability in multiple products
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
network
low complexity
wordpress debian CWE-601
8.6
8.6
2017-05-18 CVE-2017-9050 Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c.
network
low complexity
xmlsoft CWE-125
7.5
7.5
2017-05-18 CVE-2017-9049 Out-of-bounds Read vulnerability in Xmlsoft Libxml2 2.9.4
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c.
network
low complexity
xmlsoft CWE-125
7.5
7.5
2017-05-18 CVE-2017-9048 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow.
network
low complexity
xmlsoft CWE-119
7.5
7.5
2017-05-18 CVE-2017-9047 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xmlsoft Libxml2 2.9.4
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801.
network
low complexity
xmlsoft CWE-119
7.5
7.5
2017-05-18 CVE-2017-8338 Resource Exhaustion vulnerability in Mikrotik Routeros 6.38.5
A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.
network
low complexity
mikrotik CWE-400
7.5
7.5