Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2017-04-14 | CVE-2017-7408 | Improper Input Validation vulnerability in Paloaltonetworks Traps 3.4.3 | 7.5
Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license.
network, low complexity, paloaltonetworks, CWE-20

2017-04-14 | CVE-2017-7218 | Improper Input Validation vulnerability in Paloaltonetworks Pan-Os | 7.8
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.
local, low complexity, paloaltonetworks, CWE-20

2017-04-14 | CVE-2015-8356 | SQL Injection vulnerability in Bitrix Project Bitrix 6.5.2 | 8.0
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.
network, low complexity, bitrix-project, CWE-89

2017-04-14 | CVE-2017-7869 | Out-of-bounds Write vulnerability in GNU Gnutls | 7.5
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c.
network, low complexity, gnu, CWE-787

2017-04-14 | CVE-2017-7868 | Out-of-bounds Write vulnerability in multiple products | 7.5
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
network, low complexity, icu-project, debian, CWE-787

2017-04-14 | CVE-2017-7867 | Out-of-bounds Write vulnerability in multiple products | 7.5
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.
network, low complexity, icu-project, debian, CWE-787

2017-04-13 | CVE-2016-8727 | Information Exposure vulnerability in Moxa Awk-3131A Firmware 1.1 | 7.5
An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point.
network, low complexity, moxa, CWE-200

2017-04-13 | CVE-2016-8726 | NULL Pointer Dereference vulnerability in Moxa Awk-3131A Firmware 1.1 | 7.5
An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1.
network, low complexity, moxa, CWE-476

2017-04-13 | CVE-2016-8723 | NULL Pointer Dereference vulnerability in Moxa Awk-3131A Firmware 1.1 | 7.5
An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1.
network, low complexity, moxa, CWE-476

2017-04-13 | CVE-2016-8712 | Insufficient Session Expiration vulnerability in Moxa Awk-3131A Firmware 1.1 | 8.1
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1.
network, high complexity, moxa, CWE-613