Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-28 | CVE-2017-15673 | Unrestricted Upload of File with Dangerous Type vulnerability in Cs-Cart: The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page. | 7.2 |
2017-11-28 | CVE-2017-8019 | Improper Input Validation vulnerability in EMC Scaleio: An issue was discovered in EMC ScaleIO 2.0.1.x. | 7.5 |
2017-11-28 | CVE-2017-8001 | Information Exposure Through Log Files vulnerability in Dell EMC Scaleio: An issue was discovered in EMC ScaleIO 2.0.1.x. | 8.4 |
2017-11-28 | CVE-2016-10701 | Cross-Site Request Forgery (CSRF) vulnerability in Hitachivantara Pentaho Business Analytics 8.0: In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | 8.8 |
2017-11-27 | CVE-2017-15275 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | 7.5 |
2017-11-27 | CVE-2017-15055 | Improper Privilege Management vulnerability in Teampass: TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. | 8.1 |
2017-11-27 | CVE-2017-15054 | Unrestricted Upload of File with Dangerous Type vulnerability in Teampass: An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. | 7.5 |
2017-11-27 | CVE-2017-15114 | Improper Certificate Validation vulnerability in Redhat Openstack Platform 12.0: When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. | 8.1 |
2017-11-27 | CVE-2017-14585 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Hipchat Data Center and Hipchat Server: A Server Side Request Forgery (SSRF) vulnerability could lead to remote code execution for authenticated administrators. | 7.2 |
2017-11-27 | CVE-2017-0910 | Improper Authentication vulnerability in Zulip Server: In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. | 8.8 |