Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-17 | CVE-2017-1000052 | Injection vulnerability in Plug Project Plug Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions. | 7.8 |
2017-07-17 | CVE-2017-1000050 | NULL Pointer Dereference vulnerability in multiple products JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | 7.5 |
2017-07-17 | CVE-2017-1000048 | Improper Input Validation vulnerability in QS Project QS the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. | 7.5 |
2017-07-17 | CVE-2017-1000046 | Unspecified vulnerability in Mautic Mautic 2.6.1 and earlier fails to set flags on session cookies | 7.5 |
2017-07-17 | CVE-2017-1000034 | Deserialization of Untrusted Data vulnerability in Akka Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem. | 8.1 |
2017-07-17 | CVE-2017-1000031 | SQL Injection vulnerability in Cacti 0.8.8B SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. | 8.8 |
2017-07-17 | CVE-2017-1000029 | Information Exposure vulnerability in Oracle Glassfish Server 3.0.1 Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication. | 7.5 |
2017-07-17 | CVE-2017-1000028 | Path Traversal vulnerability in Oracle Glassfish Server 4.1 Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request. | 7.5 |
2017-07-17 | CVE-2017-1000026 | Path Traversal vulnerability in Progress Mixlib-Archive 0.1.0/0.2.0/0.3.0 Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | 7.5 |
2017-07-17 | CVE-2017-1000025 | Information Exposure vulnerability in Gnome Epiphany GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites. | 7.5 |