Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-25 | CVE-2015-1847 | Path Traversal vulnerability in Appserver Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. | 7.5 |
| 2017-07-24 | CVE-2017-1382 | Incorrect Default Permissions vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. | 7.1 |
| 2017-07-24 | CVE-2017-9553 | Unspecified vulnerability in Synology Diskstation Manager A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | 7.5 |
| 2017-07-24 | CVE-2017-8036 | Unspecified vulnerability in Cloudfoundry Capi-Release 1.33.0 An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). | 7.8 |
| 2017-07-24 | CVE-2015-7703 | Improper Input Validation vulnerability in multiple products The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command. | 7.5 |
| 2017-07-24 | CVE-2017-11326 | Unrestricted Upload of File with Dangerous Type vulnerability in Tilde CMS Project Tilde CMS 1.0.1 An issue was discovered in Tilde CMS 1.0.1. | 7.5 |
| 2017-07-24 | CVE-2017-11325 | Information Exposure vulnerability in Tilde CMS Project Tilde CMS 1.0.1 An issue was discovered in Tilde CMS 1.0.1. | 7.5 |
| 2017-07-24 | CVE-2017-11422 | Incorrect Permission Assignment for Critical Resource vulnerability in Statamic Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. | 8.8 |
| 2017-07-24 | CVE-2017-11600 | Out-of-bounds Read vulnerability in Linux Kernel net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message. | 7.0 |
| 2017-07-24 | CVE-2017-11592 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 0.26 There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via crafted input. | 7.5 |