Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-03 | CVE-2017-1000479 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products: pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. | 8.8 |
2018-01-03 | CVE-2017-1000477 | XXE vulnerability in Xmlbundle Project Xmlbundle 0.1.7: XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks. | 7.5 |
2018-01-03 | CVE-2017-1000489 | Improper Authentication vulnerability in multiple products: Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using email address. | 8.1 |
2018-01-03 | CVE-2017-1000499 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin: phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. | 8.8 |
2018-01-03 | CVE-2017-1000498 | XXE vulnerability in Androidsvg Project Androidsvg 1.2.2: AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution. | 7.8 |
2018-01-03 | CVE-2017-1000496 | XXE vulnerability in Commsy 9.0.0: Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code. | 8.8 |
2018-01-03 | CVE-2017-1000494 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Miniupnp Project Miniupnpd: Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact. | 7.8 |
2018-01-03 | CVE-2018-4862 | Improper Privilege Management vulnerability in Octopus Deploy: In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an authenticated user with ProcessEdit permission could reference an Azure account in such a way as to bypass the scoping restrictions, resulting in a potential escalation of privileges. | 8.8 |
2018-01-02 | CVE-2017-1000438 | Unspecified vulnerability in Openmicroscopy Omero: In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data. | 8.3 |
2018-01-02 | CVE-2017-1000433 | Improper Authentication vulnerability in multiple products: pysaml2 version 4.4.0 and older accept any password when run with Python optimizations enabled. | 8.1 |