Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-03 | CVE-2017-1000477 | XXE vulnerability in Xmlbundle Project Xmlbundle 0.1.7: XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks. | 7.5 |
2018-01-03 | CVE-2017-1000489 | Improper Authentication vulnerability in multiple products: Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address | 8.1 |
2018-01-03 | CVE-2017-1000499 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin: phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. | 8.8 |
2018-01-03 | CVE-2017-1000498 | XXE vulnerability in Androidsvg Project Androidsvg 1.2.2: AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution | 7.8 |
2018-01-03 | CVE-2017-1000496 | XXE vulnerability in Commsy 9.0.0: Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code. | 8.8 |
2018-01-03 | CVE-2017-1000494 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Miniupnp Project Miniupnpd: Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact | 7.8 |
2018-01-03 | CVE-2018-4862 | Improper Privilege Management vulnerability in Octopus Deploy: In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges. | 8.8 |
2018-01-02 | CVE-2017-1000438 | Unspecified vulnerability in Openmicroscopy Omero: In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data. | 8.3 |
2018-01-02 | CVE-2017-1000433 | Improper Authentication vulnerability in multiple products: pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. | 8.1 |
2018-01-02 | CVE-2017-1000432 | Cross-Site Request Forgery (CSRF) vulnerability in Vanillaforums Vanilla Forums: Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access | 8.0 |