Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-27 | CVE-2017-1000207 | Deserialization of Untrusted Data vulnerability in Swagger Swagger-Codegen and Swagger-Parser: A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. | 8.8 |
2017-11-27 | CVE-2017-1000159 | OS Command Injection vulnerability in Gnome Evince: Command injection in evince via filename when printing to PDF. | 7.8 |
2017-11-27 | CVE-2017-1001004 | Improper Input Validation vulnerability in Typed Function Project Typed Function: typed-function before 0.10.6 had an arbitrary code execution in the JavaScript engine. | 8.8 |
2017-11-27 | CVE-2017-8038 | Unspecified vulnerability in Pivotal Software Credhub-Release 1.1.0: In Cloud Foundry Foundation Credhub-release version 1.1.0, access control lists (ACLs) enforce whether an authenticated user can perform an operation on a credential. | 8.8 |
2017-11-27 | CVE-2017-8028 | Improper Authentication vulnerability in multiple products: In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. | 8.1 |
2017-11-27 | CVE-2017-4995 | Deserialization of Untrusted Data vulnerability in VMWare Spring Security: An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. | 8.1 |
2017-11-27 | CVE-2017-16960 | OS Command Injection vulnerability in Tp-Link products: TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd. | 8.8 |
2017-11-27 | CVE-2017-16958 | OS Command Injection vulnerability in Tp-Link products: TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd. | 8.8 |
2017-11-27 | CVE-2017-16957 | OS Command Injection vulnerability in Tp-Link products: TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd. | 8.8 |
2017-11-27 | CVE-2017-16955 | SQL Injection vulnerability in Inlinks Project Inlinks 1.0: SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. | 8.8 |