Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-17 | CVE-2017-1000129 | SQL Injection vulnerability in S9Y Serendipity 2.0.3: Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component, resulting in information disclosure. | 7.5 |
2017-11-17 | CVE-2017-1000125 | Incorrect Permission Assignment for Critical Resource vulnerability in Codiad: Codiad (full version) is vulnerable to writing anything to the configuration file in the installation, resulting in the upload of a webshell. | 7.5 |
2017-11-17 | CVE-2017-1000247 | Improper Input Validation vulnerability in Codeigniter 3.1.3: British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache, resulting in HTTP Header Injection flaws. | 7.5 |
2017-11-17 | CVE-2017-1000241 | Improper Privilege Management vulnerability in Open-Emr Openemr 5.0.1: The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by a vertical privilege escalation vulnerability. | 8.1 |
2017-11-17 | CVE-2017-1000238 | Unrestricted Upload of File with Dangerous Type vulnerability in Invoiceplane 1.4.10: InvoicePlane version 1.4.10 is vulnerable to an Arbitrary File Upload, allowing an authenticated user to upload a malicious file to the webserver. | 8.8 |
2017-11-17 | CVE-2017-1000189 | Improper Input Validation vulnerability in EJS: nodejs ejs versions older than 2.5.5 are vulnerable to a denial of service due to weak input validation in ejs.renderFile(). | 7.5 |
2017-11-17 | CVE-2017-1000208 | Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser: A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. | 8.8 |
2017-11-17 | CVE-2017-1000200 | NULL Pointer Dereference vulnerability in Tcmu-Runner Project Tcmu-Runner: tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus-triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function, resulting in denial of service. | 7.5 |
2017-11-17 | CVE-2017-1000199 | Information Exposure vulnerability in Tcmu-Runner Project Tcmu-Runner: tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so, resulting in non-privileged users being able to check for existence of any file with root privileges. | 7.5 |
2017-11-17 | CVE-2017-1000198 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tcmu-Runner Project Tcmu-Runner: tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler, resulting in denial of service. | 7.5 |