Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-10-01 | CVE-2017-14797 | Inadequate Encryption Strength vulnerability in Philips HUE Bridge Bsb002 Firmware 1707040932 | Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | 7.9 |
2017-09-30 | CVE-2017-14930 | Missing Release of Resource after Effective Lifetime vulnerability in GNU Binutils 2.29 | Memory leak in decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file. | 7.1 |
2017-09-30 | CVE-2017-14738 | SQL Injection vulnerability in Filerun 2017.09.18 | FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). | 7.5 |
2017-09-30 | CVE-2017-14702 | Deserialization of Untrusted Data vulnerability in Branaghgroup ERS Data System 1.8.1.0 | ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization. | 7.5 |
2017-09-30 | CVE-2017-13989 | Unspecified vulnerability in HP products | An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | 8.1 |
2017-09-30 | CVE-2017-13982 | Unrestricted Upload of File with Dangerous Type vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40 | A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | 8.8 |
2017-09-30 | CVE-2016-4434 | XXE vulnerability in Apache Tika 1.12 | Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175. | 7.8 |
2017-09-29 | CVE-2017-9790 | Use After Free vulnerability in Apache Mesos | When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. | 7.5 |
2017-09-29 | CVE-2017-7687 | Unspecified vulnerability in Apache Mesos | When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev might crash because the code accidentally calls an inappropriate function. | 7.5 |
2017-09-29 | CVE-2017-7552 | Unspecified vulnerability in Redhat Mobile Application Platform 4.4/4.4.3 | A flaw was discovered in the file editor of millicore, affecting versions before 3.19.0 and 4.x before 4.5.0, which allows files to be executed as well as created. | 7.5 |