Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-30 | CVE-2017-14945 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Gsview 6.0: Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068." | 7.8 |
2017-09-30 | CVE-2017-14944 | Improper Input Validation vulnerability in Inedo Proget: Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | 7.5 |
2017-09-30 | CVE-2017-14935 | Improper Input Validation vulnerability in Pulsesecure Pulse ONE On-Premise 2.0.1649: Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information. | 7.5 |
2017-09-30 | CVE-2017-14929 | Infinite Loop vulnerability in Freedesktop Poppler 0.59.0: In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. | 7.5 |
2017-09-30 | CVE-2017-14925 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware: Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with an IMG element, related to tiki-objectpermissions.php. | 8.0 |
2017-09-30 | CVE-2017-14924 | Cross-Site Request Forgery (CSRF) vulnerability in Tiki Tikiwiki Cms/Groupware: Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with an IMG element, related to tiki-assignuser.php. | 8.0 |
2017-09-30 | CVE-2017-13989 | Unspecified vulnerability in HP products: An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to retrieve or modify storage information. | 8.1 |
2017-09-30 | CVE-2017-13982 | Unrestricted Upload of File with Dangerous Type vulnerability in HP BSM Platform Application Performance Management System Health 9.26/9.30/9.40: A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. | 8.8 |
2017-09-30 | CVE-2017-13684 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Unisys Mcp-Firmware 40.0/43.185: Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trigger CPM stack corruption. | 7.8 |
2017-09-30 | CVE-2016-4434 | XXE vulnerability in Apache Tika 1.12: Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175. | 7.8 |