Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-10605 | Improper Input Validation vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49 On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through the device(s). | 7.5 |
| 2017-07-17 | CVE-2017-10603 | XML Injection (aka Blind XPath Injection) vulnerability in Juniper Junos 15.1/15.1X53 An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. | 7.8 |
| 2017-07-17 | CVE-2017-10602 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. | 7.8 |
| 2017-07-17 | CVE-2017-1000363 | Out-of-bounds Write vulnerability in multiple products Linux drivers/char/lp.c Out-of-Bounds Write. | 7.8 |
| 2017-07-17 | CVE-2017-1000080 | Unspecified vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. | 7.5 |
| 2017-07-17 | CVE-2017-1000079 | Unspecified vulnerability in Onosproject Onos 1.8.0/1.9.0 Linux foundation ONOS 1.9.0 is vulnerable to a DoS. | 7.5 |
| 2017-07-17 | CVE-2017-1000071 | Improper Authentication vulnerability in Apereo PHPcas 1.3.4 Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server. | 8.1 |
| 2017-07-17 | CVE-2017-1000069 | Cross-Site Request Forgery (CSRF) vulnerability in Oauth2 Proxy Project Oauth2 Proxy 2.1 CSRF in Bitly oauth2_proxy 2.1 during authentication flow | 8.8 |
| 2017-07-17 | CVE-2017-1000068 | Improper Authentication vulnerability in Betterment Testtrack 1.0 TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field. | 7.5 |
| 2017-07-17 | CVE-2017-1000067 | SQL Injection vulnerability in Modx Revolution MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. | 8.8 |