Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-03 | CVE-2017-1000485 | Incorrect Permission Assignment for Critical Resource vulnerability in Nylas Mail Lives Project Nylas Mail 2.2.2. Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations. | 7.8 |
2018-01-03 | CVE-2017-1000473 | OS Command Injection vulnerability in Linux-Dash Project Linux-Dash. Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. | 7.8 |
2018-01-03 | CVE-2017-1000470 | Integer Overflow or Wraparound vulnerability in Embedthis Goahead web Server 4.0.0. EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service. | 7.5 |
2018-01-03 | CVE-2017-1000479 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products. pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. | 8.8 |
2018-01-03 | CVE-2017-1000477 | XXE vulnerability in Xmlbundle Project Xmlbundle 0.1.7. XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks. | 7.5 |
2018-01-03 | CVE-2017-1000489 | Improper Authentication vulnerability in multiple products. Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address. | 8.1 |
2018-01-03 | CVE-2017-1000499 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin. phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. | 8.8 |
2018-01-03 | CVE-2017-1000498 | XXE vulnerability in Androidsvg Project Androidsvg 1.2.2. AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution. | 7.8 |
2018-01-03 | CVE-2017-1000496 | XXE vulnerability in Commsy 9.0.0. Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code. | 8.8 |
2018-01-03 | CVE-2017-1000494 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Miniupnp Project Miniupnpd. Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact. | 7.8 |