Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-02 | CVE-2017-1000432 | Cross-Site Request Forgery (CSRF) vulnerability in Vanillaforums Vanilla Forums Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access | 8.0 |
| 2018-01-02 | CVE-2017-1000422 | Integer Overflow or Wraparound vulnerability in multiple products Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution | 8.8 |
| 2018-01-02 | CVE-2017-1000420 | Link Following vulnerability in Syncthing Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite | 7.5 |
| 2018-01-02 | CVE-2017-1000419 | Server-Side Request Forgery (SSRF) vulnerability in PHPbb 3.2.0 phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application. | 7.5 |
| 2018-01-02 | CVE-2017-1000456 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations. | 8.8 |
| 2018-01-02 | CVE-2017-1000418 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mindwerks Wildmidi The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. | 7.8 |
| 2018-01-02 | CVE-2017-1000454 | Injection vulnerability in Cmsmadesimple CMS Made Simple CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1 | 7.8 |
| 2018-01-02 | CVE-2017-1000452 | XML Injection (aka Blind XPath Injection) vulnerability in Samlify Project Samlify An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users. | 7.5 |
| 2018-01-02 | CVE-2017-1000451 | Unspecified vulnerability in Fs-Git Project Fs-Git fs-git is a file system like api for git repository. | 7.8 |
| 2018-01-02 | CVE-2017-1000450 | Integer Overflow or Wraparound vulnerability in multiple products In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. | 8.8 |