Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-21 | CVE-2017-11366 | OS Command Injection vulnerability in Codiad: components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_file_type. | 7.5 |
2017-08-20 | CVE-2017-12976 | Improper Input Validation vulnerability in Git-Annex Project Git-Annex: git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117. | 8.8 |
2017-08-20 | CVE-2017-12974 | Improper Verification of Cryptographic Signature vulnerability in Connect2Id Nimbus Jose+Jwt: Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation. | 7.5 |
2017-08-20 | CVE-2017-12972 | Insufficient Verification of Data Authenticity vulnerability in Connect2Id Nimbus Jose+Jwt: In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. | 7.5 |
2017-08-19 | CVE-2017-10663 | Improper Validation of Array Index vulnerability in Linux Kernel: The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel before 4.12.4 does not validate the blkoff and segno arrays, which allows local users to gain privileges via unspecified vectors. | 7.8 |
2017-08-19 | CVE-2017-10662 | Unspecified vulnerability in Linux Kernel: The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors. | 7.8 |
2017-08-19 | CVE-2017-10661 | Use After Free vulnerability in multiple products: Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. | 7.0 |
2017-08-18 | CVE-2017-12964 | Uncontrolled Recursion vulnerability in Libsass 3.4.5: There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. | 7.8 |
2017-08-18 | CVE-2007-5341 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox: Remote code execution in the Venkman script debugger in Mozilla Firefox before 2.0.0.8. | 7.5 |
2017-08-18 | CVE-2007-5199 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in X Libxfont 1.3.1: A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact. | 7.5 |