Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-20 CVE-2017-7186 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Pcre and Pcre2
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
network
low complexity
pcre CWE-119
7.5
2017-03-20 CVE-2014-9938 Improper Encoding or Escaping of Output vulnerability in Git-Scm GIT
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
network
low complexity
git-scm CWE-116
8.8
2017-03-19 CVE-2017-7184 Unspecified vulnerability in Linux Kernel
The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
local
low complexity
linux
7.8
2017-03-18 CVE-2017-7178 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
CSRF was discovered in the web UI in Deluge before 1.3.14.
network
low complexity
deluge-torrent debian CWE-352
8.8
2017-03-18 CVE-2017-7177 Improperly Implemented Security Check for Standard vulnerability in Openinfosecfoundation Suricata
Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
network
low complexity
openinfosecfoundation CWE-358
7.5
2017-03-17 CVE-2015-3884 Unrestricted Upload of File with Dangerous Type vulnerability in Qdpm 8.3/9.0/9.1
Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/attachments/ or uploads/users/.
network
low complexity
qdpm CWE-434
8.8
2017-03-17 CVE-2015-3881 Information Exposure vulnerability in Qdpm 8.3
Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.
network
low complexity
qdpm CWE-200
7.5
2017-03-17 CVE-2014-9854 Resource Management Errors vulnerability in multiple products
coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."
network
low complexity
imagemagick opensuse suse canonical CWE-399
7.5
2017-03-17 CVE-2014-8722 Information Exposure vulnerability in Get-Simple Getsimple CMS 3.3.4
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.
network
low complexity
get-simple CWE-200
7.5
2017-03-17 CVE-2014-8701 Information Exposure vulnerability in Wondercms 2014
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password.
network
low complexity
wondercms CWE-200
7.5