Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-20 | CVE-2017-11466 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms 4.1.1 Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. | 7.2 |
| 2017-07-19 | CVE-2017-11464 | Divide By Zero vulnerability in Gnome Librsvg 2.40.17 A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. | 7.8 |
| 2017-07-19 | CVE-2017-1309 | Cleartext Storage of Sensitive Information vulnerability in IBM Infosphere Master Data Management Server IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. | 7.8 |
| 2017-07-19 | CVE-2017-1224 | Inadequate Encryption Strength vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2017-07-19 | CVE-2017-1218 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Bigfix Platform IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2017-07-19 | CVE-2016-7507 | Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi 0.90.4 Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. | 8.0 |
| 2017-07-19 | CVE-2017-11456 | Path Traversal vulnerability in Geneko products Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. | 7.5 |
| 2017-07-19 | CVE-2017-11450 | coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short. | 8.8 |
| 2017-07-19 | CVE-2017-11449 | Unspecified vulnerability in Imagemagick coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin. | 8.8 |
| 2017-07-19 | CVE-2017-9245 | Information Exposure vulnerability in Google News and Weather The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. | 7.5 |