Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-11-17 CVE-2017-1000129 SQL Injection vulnerability in S9Y Serendipity 2.0.3
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
network
low complexity
s9y CWE-89
7.5
2017-11-17 CVE-2017-1000125 Incorrect Permission Assignment for Critical Resource vulnerability in Codiad
Codiad (full version) is vulnerable to arbitrary writes to the configuration file in the installation, resulting in the upload of a webshell.
network
low complexity
codiad CWE-732
7.5
2017-11-17 CVE-2017-1000247 Improper Input Validation vulnerability in Codeigniter 3.1.3
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.
network
low complexity
codeigniter CWE-20
7.5
2017-11-17 CVE-2017-1000241 Improper Privilege Management vulnerability in Open-Emr Openemr 5.0.1
OpenEMR versions 5.0.0, 5.0.1-dev and prior are affected by a vertical privilege escalation vulnerability.
network
low complexity
open-emr CWE-269
8.1
2017-11-17 CVE-2017-1000238 Unrestricted Upload of File with Dangerous Type vulnerability in Invoiceplane 1.4.10
InvoicePlane version 1.4.10 is vulnerable to an arbitrary file upload that allows an authenticated user to upload a malicious file to the webserver.
network
low complexity
invoiceplane CWE-434
8.8
2017-11-17 CVE-2017-1000189 Improper Input Validation vulnerability in EJS
Node.js ejs versions older than 2.5.5 are vulnerable to denial of service due to weak input validation in ejs.renderFile().
network
low complexity
ejs CWE-20
7.5
2017-11-17 CVE-2017-1000208 Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser
A vulnerability in Swagger-Parser's (version <= 1.0.30) YAML parsing functionality results in arbitrary code being executed when a maliciously crafted YAML Open-API specification is parsed.
network
low complexity
swagger CWE-502
8.8
2017-11-17 CVE-2017-1000200 NULL Pointer Dereference vulnerability in Tcmu-Runner Project Tcmu-Runner
tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus-triggered NULL pointer dereference in the tcmu-runner daemon's on_unregister_handler() function, resulting in denial of service.
network
low complexity
tcmu-runner-project CWE-476
7.5
2017-11-17 CVE-2017-1000199 Information Exposure vulnerability in Tcmu-Runner Project Tcmu-Runner
tcmu-runner version 0.91 up to 1.20 is vulnerable to information disclosure in handler_qcow.so resulting in non-privileged users being able to check for existence of any file with root privileges.
network
low complexity
tcmu-runner-project CWE-200
7.5
2017-11-17 CVE-2017-1000198 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tcmu-Runner Project Tcmu-Runner
tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler, resulting in denial of service.
network
low complexity
tcmu-runner-project CWE-119
7.5