Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-01 | CVE-2017-17083 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. | 7.5 |
| 2017-12-01 | CVE-2017-11286 | XXE vulnerability in Adobe Coldfusion 11.0/2016 Adobe ColdFusion has an XML external entity (XXE) injection vulnerability. | 7.5 |
| 2017-11-30 | CVE-2017-1000405 | Race Condition vulnerability in Linux Kernel The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. | 7.0 |
| 2017-11-30 | CVE-2017-1000406 | 7PK - Security Features vulnerability in Opendaylight Karaf 0.6.1Carbon OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. | 7.5 |
| 2017-11-30 | CVE-2017-14949 | XXE vulnerability in Restlet Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. | 7.5 |
| 2017-11-30 | CVE-2017-14868 | XXE vulnerability in Restlet Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. | 7.5 |
| 2017-11-30 | CVE-2017-17065 | Improper Input Validation vulnerability in Dlink Dir-605L Model B Firmware An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB06_hbrf devices, related to the code that handles the authentication values for HNAP. | 7.5 |
| 2017-11-30 | CVE-2017-12631 | Cross-Site Request Forgery (CSRF) vulnerability in Apache CXF Fediz Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. | 8.8 |
| 2017-11-30 | CVE-2017-12343 | Cross-site Scripting vulnerability in Cisco Data Center Network Manager 10.3(1)S3 Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. | 8.8 |
| 2017-11-30 | CVE-2017-14198 | Code Injection vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before 5.4.1.3. | 8.8 |