Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-03-20 | CVE-2017-7186 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pcre and Pcre2 libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup. | 7.5 |
2017-03-20 | CVE-2014-9938 | Improper Encoding or Escaping of Output vulnerability in Git-Scm GIT contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution. | 8.8 |
2017-03-19 | CVE-2017-7184 | Unspecified vulnerability in Linux Kernel The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. | 7.8 |
2017-03-18 | CVE-2017-7178 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products CSRF was discovered in the web UI in Deluge before 1.3.14. | 8.8 |
2017-03-18 | CVE-2017-7177 | Improperly Implemented Security Check for Standard vulnerability in Openinfosecfoundation Suricata Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. | 7.5 |
2017-03-17 | CVE-2015-3884 | Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 8.3/9.0/9.1 Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/. | 8.8 |
2017-03-17 | CVE-2015-3881 | Information Exposure vulnerability in Qdpm 8.3 Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml. | 7.5 |
2017-03-17 | CVE-2014-9854 | Resource Management Errors vulnerability in multiple products coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image." | 7.5 |
2017-03-17 | CVE-2014-8722 | Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4 GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml. | 7.5 |
2017-03-17 | CVE-2014-8701 | Information Exposure vulnerability in Wondercms 2014 Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. | 7.5 |