Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-05 | CVE-2017-1000120 | SQL Injection vulnerability in Frappe. [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | 8.8 |
2017-10-05 | CVE-2017-1000119 | Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October 1.0.412. October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | 7.2 |
2017-10-05 | CVE-2017-1000118 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Akka Http Server. Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service | 7.5 |
2017-10-05 | CVE-2017-1000117 | Open Redirect vulnerability in Git-Scm GIT. A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. | 8.8 |
2017-10-05 | CVE-2017-1000115 | Link Following vulnerability in multiple products. Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository. | 7.5 |
2017-10-05 | CVE-2017-1000112 | Race Condition vulnerability in Linux Kernel. Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. | 7.0 |
2017-10-05 | CVE-2017-1000111 | Out-of-bounds Write vulnerability in multiple products. Linux kernel: heap out-of-bounds in AF_PACKET sockets. | 7.8 |
2017-10-05 | CVE-2017-1000108 | Information Exposure vulnerability in Jenkins Pipeline-Input-Step. The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. | 7.5 |
2017-10-05 | CVE-2017-1000107 | Unspecified vulnerability in Jenkins Script Security 1.30. Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. | 8.8 |
2017-10-05 | CVE-2017-1000106 | Improper Authentication vulnerability in Jenkins Blue Ocean. Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. | 8.5 |