Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-08-24 CVE-2017-9512 Information Exposure vulnerability in Atlassian Crucible
The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to access sensitive information, for example email addresses of committers, as it lacked permission checks.
network
low complexity
atlassian CWE-200
7.5
2017-08-24 CVE-2017-11424 In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys.
network
low complexity
pyjwt-project debian
7.5
2017-08-24 CVE-2017-12836 CVS 1.12.x, when configured to use SSH for remote repositories, might allow remote attackers to execute arbitrary code via a repository URL with a crafted hostname, as demonstrated by "-oProxyCommand=id;localhost:/bar."
network
high complexity
gnu canonical debian
7.5
2017-08-24 CVE-2017-12137 Classic Buffer Overflow vulnerability in multiple products
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
local
low complexity
xen citrix debian CWE-120
8.8
2017-08-24 CVE-2017-12136 Race Condition vulnerability in multiple products
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
local
high complexity
xen citrix debian CWE-362
7.8
2017-08-24 CVE-2017-12135 Incorrect Calculation vulnerability in multiple products
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
local
low complexity
xen citrix debian CWE-682
8.8
2017-08-24 CVE-2017-12134 Incorrect Calculation vulnerability in multiple products
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
local
low complexity
xen citrix CWE-682
8.8
2017-08-24 CVE-2017-0805 Improper Validation of Array Index vulnerability in Google Android
A elevation of privilege vulnerability in the Android media framework (libstagefright).
local
low complexity
google CWE-129
7.8
2017-08-23 CVE-2017-13147 Improper Input Validation vulnerability in Graphicsmagick 1.3.26
In GraphicsMagick 1.3.26, an allocation failure vulnerability was found in the function ReadMNGImage in coders/png.c when a small MNG file has a MEND chunk with a large length value.
network
low complexity
graphicsmagick CWE-20
8.8
2017-08-23 CVE-2017-12970 Cross-Site Request Forgery (CSRF) vulnerability in Apache2Triad 1.5.4
Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 allows remote attackers to hijack the authentication of authenticated users for requests that (1) add or (2) delete user accounts via a request to phpsftpd/users.php.
network
low complexity
apache2triad CWE-352
8.8