Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-1000068 | Improper Authentication vulnerability in Betterment Testtrack 1.0 TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of service to clients in the field. | 7.5 |
| 2017-07-17 | CVE-2017-1000067 | SQL Injection vulnerability in Modx Revolution MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. | 8.8 |
| 2017-07-17 | CVE-2017-1000066 | Unspecified vulnerability in Keepass 1.32 The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. | 7.5 |
| 2017-07-17 | CVE-2017-1000064 | Resource Exhaustion vulnerability in Kitto Project Kitto 0.5.1 kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS | 7.5 |
| 2017-07-17 | CVE-2017-1000062 | Path Traversal vulnerability in Kitto Project Kitto 0.5.1 kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution | 7.5 |
| 2017-07-17 | CVE-2017-1000061 | XXE vulnerability in Xmlsec Project Xmlsec xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service | 7.1 |
| 2017-07-17 | CVE-2017-1000053 | Deserialization of Untrusted Data vulnerability in Plug Project Plug Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session. | 8.1 |
| 2017-07-17 | CVE-2017-1000052 | Injection vulnerability in Plug Project Plug Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. | 7.8 |
| 2017-07-17 | CVE-2017-1000050 | NULL Pointer Dereference vulnerability in multiple products JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | 7.5 |
| 2017-07-17 | CVE-2017-1000048 | Improper Input Validation vulnerability in QS Project QS the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. | 7.5 |