Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-05 | CVE-2017-1000253 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). | 7.8 |
2017-10-05 | CVE-2017-1000120 | SQL Injection vulnerability in Frappe. [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | 8.8 |
2017-10-05 | CVE-2017-1000119 | Unrestricted Upload of File with Dangerous Type vulnerability in Octobercms October 1.0.412. October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server. | 7.2 |
2017-10-05 | CVE-2017-1000118 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Akka Http Server. Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Causes StackOverflowError Leading to Denial of Service | 7.5 |
2017-10-05 | CVE-2017-1000117 | Open Redirect vulnerability in Git-Scm GIT. A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. | 8.8 |
2017-10-05 | CVE-2017-1000115 | Link Following vulnerability in multiple products. Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository. | 7.5 |
2017-10-05 | CVE-2017-1000112 | Race Condition vulnerability in Linux Kernel. Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. | 7.0 |
2017-10-05 | CVE-2017-1000111 | Out-of-bounds Write vulnerability in multiple products. Linux kernel: heap out-of-bounds in AF_PACKET sockets. | 7.8 |
2017-10-05 | CVE-2017-1000108 | Information Exposure vulnerability in Jenkins Pipeline-Input-Step. The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. | 7.5 |
2017-10-05 | CVE-2017-1000107 | Unspecified vulnerability in Jenkins Script Security 1.30. Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. | 8.8 |