Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-17 | CVE-2017-1000025 | Information Exposure vulnerability in Gnome Epiphany GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | 7.5 |
| 2017-07-17 | CVE-2017-1000024 | Cleartext Transmission of Sensitive Information vulnerability in Gnome Shotwell Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission | 7.5 |
| 2017-07-17 | CVE-2017-1000022 | Incorrect Permission Assignment for Critical Resource vulnerability in Logicaldoc LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation. | 8.8 |
| 2017-07-17 | CVE-2017-1000021 | XXE vulnerability in Logicaldoc LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. | 8.8 |
| 2017-07-17 | CVE-2017-1000018 | Improper Input Validation vulnerability in PHPmyadmin phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name | 7.5 |
| 2017-07-17 | CVE-2017-1000017 | Server-Side Request Forgery (SSRF) vulnerability in PHPmyadmin phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server | 8.8 |
| 2017-07-17 | CVE-2017-1000016 | Improper Input Validation vulnerability in PHPmyadmin A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. | 7.5 |
| 2017-07-17 | CVE-2017-1000014 | Improper Input Validation vulnerability in PHPmyadmin phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality | 7.5 |
| 2017-07-17 | CVE-2017-1000010 | Uncontrolled Search Path Element vulnerability in Audacityteam Audacity Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avformat-55.dll resulting arbitrary code execution. | 7.8 |
| 2017-07-17 | CVE-2017-1000008 | Cross-Site Request Forgery (CSRF) vulnerability in Chyrp-Lite Project Chyrp Lite 2016.04 Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password. | 8.8 |