Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-11 | CVE-2017-3108 | Unrestricted Upload of File with Dangerous Type vulnerability in Adobe Experience Manager Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | 7.5 |
| 2017-08-11 | CVE-2017-3106 | Incorrect Type Conversion or Cast vulnerability in multiple products Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. | 8.8 |
| 2017-08-11 | CVE-2017-3085 | Open Redirect vulnerability in multiple products Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | 7.4 |
| 2017-08-11 | CVE-2017-7675 | Path Traversal vulnerability in Apache Tomcat The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. | 7.5 |
| 2017-08-11 | CVE-2016-6796 | A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. | 7.5 |
| 2017-08-10 | CVE-2016-8745 | 7PK - Errors vulnerability in Apache Tomcat A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. | 7.5 |
| 2017-08-10 | CVE-2016-6817 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Tomcat The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. | 7.5 |
| 2017-08-10 | CVE-2016-6797 | Incorrect Authorization vulnerability in multiple products The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. | 7.5 |
| 2017-08-10 | CVE-2017-8518 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | 7.6 |
| 2017-08-10 | CVE-2017-3156 | Unspecified vulnerability in Apache CXF The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks. | 7.5 |