Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-17 CVE-2017-1000062 Path Traversal vulnerability in Kitto Project Kitto 0.5.1
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution
network
low complexity
kitto-project CWE-22
7.5
2017-07-17 CVE-2017-1000061 XXE vulnerability in Xmlsec Project Xmlsec
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
local
low complexity
xmlsec-project CWE-611
7.1
2017-07-17 CVE-2017-1000053 Deserialization of Untrusted Data vulnerability in Plug Project Plug
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to arbitrary code execution in the deserialization functions of Plug.Session.
network
high complexity
plug-project CWE-502
8.1
2017-07-17 CVE-2017-1000052 Injection vulnerability in Plug Project Plug
Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to null byte injection in the Plug.Static component, which may allow users to bypass filetype restrictions.
local
low complexity
plug-project CWE-74
7.8
2017-07-17 CVE-2017-1000050 NULL Pointer Dereference vulnerability in multiple products
JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service.
7.5
2017-07-17 CVE-2017-1000048 Improper Input Validation vulnerability in QS Project QS
the web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS.
network
low complexity
qs-project CWE-20
7.5
2017-07-17 CVE-2017-1000046 Unspecified vulnerability in Mautic
Mautic 2.6.1 and earlier fails to set flags on session cookies
network
low complexity
mautic
7.5
2017-07-17 CVE-2017-1000034 Deserialization of Untrusted Data vulnerability in Akka
Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserialization attack in its Remoting component resulting in remote code execution in the context of the ActorSystem.
network
high complexity
akka CWE-502
8.1
2017-07-17 CVE-2017-1000031 SQL Injection vulnerability in Cacti 0.8.8B
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
network
low complexity
cacti CWE-89
8.8
2017-07-17 CVE-2017-1000029 Information Exposure vulnerability in Oracle Glassfish Server 3.0.1
Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.
network
low complexity
oracle CWE-200
7.5