Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-30 | CVE-2017-7323 | Unspecified vulnerability in Modx Revolution The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism. | 8.1 |
| 2017-03-30 | CVE-2017-7322 | Improper Certificate Validation vulnerability in Modx Revolution The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. | 8.1 |
| 2017-03-30 | CVE-2017-7290 | SQL Injection vulnerability in Xoops 2.5.7.2/2.5.7.3/2.5.8.1 SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before 2.5.8.1 allows remote authenticated administrators to execute arbitrary SQL commands via the url parameter to findusers.php. | 7.2 |
| 2017-03-29 | CVE-2017-7310 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Diskboss, Disksorter and Syncbreeze A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element. | 7.8 |
| 2017-03-29 | CVE-2017-4980 | Path Traversal vulnerability in EMC Isilon Onefs EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. | 7.5 |
| 2017-03-29 | CVE-2017-4977 | Information Exposure vulnerability in EMC RSA Archer Security Operations Management 1.3.1.51 EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system. | 7.0 |
| 2017-03-29 | CVE-2017-7308 | Incorrect Conversion between Numeric Types vulnerability in Linux Kernel The packet_set_ring function in net/packet/af_packet.c in the Linux kernel through 4.10.6 does not properly validate certain block-size data, which allows local users to cause a denial of service (integer signedness error and out-of-bounds write), or gain privileges (if the CAP_NET_RAW capability is held), via crafted system calls. | 7.8 |
| 2017-03-29 | CVE-2017-7258 | Path Traversal vulnerability in Auromeera Emli 1.0 HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. | 7.5 |
| 2017-03-29 | CVE-2016-2379 | Inadequate Encryption Strength vulnerability in Pidgin Mxit The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | 8.8 |
| 2017-03-29 | CVE-2017-7304 | Out-of-bounds Read vulnerability in GNU Binutils 2.28 The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. | 7.5 |