Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-18 | CVE-2017-10708 | Path Traversal vulnerability in Apport Project Apport An issue was discovered in Apport through 2.20.x. | 7.8 |
| 2017-07-18 | CVE-2017-11421 | Code Injection vulnerability in Gnome-Exe-Thumbnailer Project Gnome-Exe-Thumbnailer 0.9.4 gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. | 7.8 |
| 2017-07-18 | CVE-2017-7506 | Unspecified vulnerability in Spice Project Spice spice versions though 0.13 are vulnerable to out-of-bounds memory access when processing specially crafted messages from authenticated attacker to the spice server resulting into crash and/or server memory leak. | 8.8 |
| 2017-07-18 | CVE-2017-6320 | OS Command Injection vulnerability in Barracuda Load Balancer ADC A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. | 8.8 |
| 2017-07-18 | CVE-2017-10961 | Cross-Site Request Forgery (CSRF) vulnerability in Vanderbilt Redcap REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. | 8.8 |
| 2017-07-18 | CVE-2017-1318 | OS Command Injection vulnerability in IBM MQ Appliance IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging administrator to execute arbitrary commands on the system, caused by command execution. | 8.8 |
| 2017-07-18 | CVE-2017-11403 | Use After Free vulnerability in Graphicsmagick 1.3.26 The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. | 8.8 |
| 2017-07-17 | CVE-2017-9933 | Information Exposure vulnerability in Joomla Joomla! Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | 7.5 |
| 2017-07-17 | CVE-2017-9812 | Information Exposure vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297 The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges. | 7.5 |
| 2017-07-17 | CVE-2017-9810 | Cross-Site Request Forgery (CSRF) vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297 There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). | 8.8 |