Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-19 | CVE-2017-9744 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | 7.8 |
| 2017-06-19 | CVE-2017-9743 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | 7.8 |
| 2017-06-19 | CVE-2017-9742 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Binutils 2.28 The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution. | 7.8 |
| 2017-06-16 | CVE-2017-9231 | XXE vulnerability in Citrix Xenmobile Server XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | 7.5 |
| 2017-06-16 | CVE-2017-9735 | Information Exposure Through Discrepancy vulnerability in multiple products Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords. | 7.5 |
| 2017-06-16 | CVE-2017-8452 | Uncontrolled File Descriptor Consumption vulnerability in Elastic Kibana Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes. | 7.5 |
| 2017-06-16 | CVE-2017-8450 | Information Exposure vulnerability in Elastic X-Pack 5.1.1 X-Pack 5.1.1 did not properly apply document and field level security to multi-search and multi-get requests so users without access to a document and/or field may have been able to access this information. | 7.5 |
| 2017-06-16 | CVE-2016-10363 | Improper Resource Shutdown or Release vulnerability in Elastic Logstash Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. | 7.5 |
| 2017-06-16 | CVE-2016-1000222 | Argument Injection or Modification vulnerability in Elastic Logstash Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. | 7.5 |
| 2017-06-16 | CVE-2016-1000221 | Information Exposure vulnerability in Elastic Logstash Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. | 7.5 |