Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-18 | CVE-2017-7645 | Improper Input Validation vulnerability in multiple products The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | 7.5 |
| 2017-04-18 | CVE-2017-5662 | XXE vulnerability in Apache Batik In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. | 7.3 |
| 2017-04-18 | CVE-2017-5661 | XXE vulnerability in Apache Formatting Objects Processor In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. | 7.3 |
| 2017-04-17 | CVE-2017-7892 | Improper Input Validation vulnerability in Capnproto Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. | 7.5 |
| 2017-04-17 | CVE-2017-1161 | Improper Input Validation vulnerability in IBM API Connect 5.0.6.0 IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. | 7.3 |
| 2017-04-17 | CVE-2016-3036 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2 IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. | 7.5 |
| 2017-04-17 | CVE-2017-5659 | Improper Input Validation vulnerability in Apache Traffic Server Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding. | 7.5 |
| 2017-04-17 | CVE-2016-5396 | Resource Management Errors vulnerability in Apache Traffic Server Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack. | 7.5 |
| 2017-04-17 | CVE-2017-5650 | Improper Resource Shutdown or Release vulnerability in Apache Tomcat In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. | 7.5 |
| 2017-04-17 | CVE-2017-5647 | Information Exposure vulnerability in Apache Tomcat A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. | 7.5 |