Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2017-11-30 | CVE-2017-14196 | Path Traversal vulnerability in Squiz Matrix | 7.5
An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and 5.4.1.3.
network | low complexity | squiz | CWE-22

2017-11-29 | CVE-2017-13872 | Improper Authentication vulnerability in Apple mac OS X 10.13.0/10.13.1 | 8.1
An issue was discovered in certain Apple products.
network | high complexity | apple | CWE-287

2017-11-29 | CVE-2017-17058 | Path Traversal vulnerability in Automattic Woocommerce | 7.5
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory.
network | low complexity | automattic | CWE-22

2017-11-29 | CVE-2017-17053 | Use After Free vulnerability in Linux Kernel | 7.0
The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.
local | high complexity | linux | CWE-416

2017-11-29 | CVE-2017-17052 | Use After Free vulnerability in Linux Kernel | 7.8
The mm_init function in kernel/fork.c in the Linux kernel before 4.12.10 does not clear the ->exe_file member of a new process's mm_struct, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program.
local | low complexity | linux | CWE-416

2017-11-29 | CVE-2017-17050 | NULL Pointer Dereference vulnerability in Tgsoft Vir.It Explorer 8.5.42 | 7.8
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730020 DeviceIoControl request to \\.\Viragtlt.
local | low complexity | tgsoft | CWE-476

2017-11-29 | CVE-2017-17049 | NULL Pointer Dereference vulnerability in Tgsoft Vir.It Explorer 8.5.42 | 7.8
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a NULL value in a 0x82730010 DeviceIoControl request to \\.\Viragtlt.
local | low complexity | tgsoft | CWE-476

2017-11-28 | CVE-2017-17045 | Use After Free vulnerability in XEN | 8.8
An issue was discovered in Xen through 4.9.x allowing HVM guest OS users to gain privileges on the host OS, obtain sensitive information, or cause a denial of service (BUG and host OS crash) by leveraging the mishandling of Populate on Demand (PoD) Physical-to-Machine (P2M) errors.
local | low complexity | xen | CWE-416

2017-11-28 | CVE-2017-17042 | Path Traversal vulnerability in Yardoc Yard | 7.5
lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.
network | low complexity | yardoc | CWE-22

2017-11-28 | CVE-2017-15673 | Unrestricted Upload of File with Dangerous Type vulnerability in Cs-Cart | 7.2
The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.
network | low complexity | cs-cart | CWE-434