Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-18 | CVE-2017-15700 | Information Exposure vulnerability in Apache Sling Authentication Service 1.4.0 A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim to send over their credentials. | 8.8 |
| 2017-12-18 | CVE-2017-15104 | An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. | 7.8 |
| 2017-12-18 | CVE-2017-15103 | A security-check flaw was found in the way the Heketi 5 server API handled user requests. | 8.8 |
| 2017-12-18 | CVE-2017-17740 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. | 7.5 |
| 2017-12-18 | CVE-2017-17738 | Unspecified vulnerability in Brightsign 4K242 Firmware 6.2.63 The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html. | 7.5 |
| 2017-12-18 | CVE-2017-17727 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.5/5.6 DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php. | 8.8 |
| 2017-12-18 | CVE-2017-16997 | Untrusted Search Path vulnerability in multiple products elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. | 7.8 |
| 2017-12-16 | CVE-2017-17715 | Path Traversal vulnerability in Telegram Messenger The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | 8.8 |
| 2017-12-16 | CVE-2017-3196 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rawether Project Rawether PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. | 7.8 |
| 2017-12-16 | CVE-2017-3194 | Information Exposure vulnerability in Pandora Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | 8.1 |