Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-17 | CVE-2017-1000238 | Unrestricted Upload of File with Dangerous Type vulnerability in Invoiceplane 1.4.10: InvoicePlane version 1.4.10 is vulnerable to an arbitrary file upload, allowing an authenticated user to upload a malicious file to the web server. | 8.8 |
2017-11-17 | CVE-2017-1000189 | Improper Input Validation vulnerability in EJS: nodejs ejs versions older than 2.5.5 are vulnerable to denial of service due to weak input validation in ejs.renderFile(). | 7.5 |
2017-11-17 | CVE-2017-1000208 | Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser: A vulnerability in Swagger-Parser's (version <= 1.0.30) YAML parsing functionality results in arbitrary code being executed when a maliciously crafted YAML Open-API specification is parsed. | 8.8 |
2017-11-17 | CVE-2017-1000200 | NULL Pointer Dereference vulnerability in Tcmu-Runner Project Tcmu-Runner: tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus-triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function, resulting in denial of service. | 7.5 |
2017-11-17 | CVE-2017-1000199 | Information Exposure vulnerability in Tcmu-Runner Project Tcmu-Runner: tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so, resulting in non-privileged users being able to check for the existence of any file with root privileges. | 7.5 |
2017-11-17 | CVE-2017-1000198 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tcmu-Runner Project Tcmu-Runner: tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler, resulting in denial of service. | 7.5 |
2017-11-17 | CVE-2017-1000195 | Deserialization of Untrusted Data vulnerability in Octobercms October: October CMS build 412 is vulnerable to PHP object injection in the asset move functionality, resulting in the ability to delete files, limited by file permissions on the server. | 7.5 |
2017-11-17 | CVE-2017-1000187 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools: In SWFTools, an address access exception was found in pdf2swf. | 7.8 |
2017-11-16 | CVE-2017-0865 | Unspecified vulnerability in Google Android: An elevation of privilege vulnerability in the MediaTek SoC driver. | 7.8 |
2017-11-16 | CVE-2017-0864 | Unspecified vulnerability in Google Android: An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). | 7.8 |