Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-06-16 | CVE-2016-1000222 | Argument Injection or Modification vulnerability in Elastic Logstash: Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. | 7.5 |
2017-06-16 | CVE-2016-1000221 | Information Exposure vulnerability in Elastic Logstash: Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. | 7.5 |
2017-06-16 | CVE-2016-1000219 | Improper Authorization vulnerability in Elastic Kibana: Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. | 7.5 |
2017-06-16 | CVE-2016-1000218 | Cross-Site Request Forgery (CSRF) vulnerability in Elastic Kibana Reporting 2.4.0: Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page. | 8.8 |
2017-06-16 | CVE-2017-7507 | NULL Pointer Dereference vulnerability in GNU Gnutls: GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents. | 7.5 |
2017-06-16 | CVE-2017-9731 | Information Exposure vulnerability in Yocto Project YP Core-Pyro 2.3: In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package. | 7.5 |
2017-06-16 | CVE-2017-9729 | Uncontrolled Recursion vulnerability in Uclibc 0.9.33.2: In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression. | 7.5 |
2017-06-16 | CVE-2017-7884 | Uncontrolled Search Path Element vulnerability in Apcupsd APC UPS Daemon 3.14.14: In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup. | 8.4 |
2017-06-15 | CVE-2017-8487 | Unspecified vulnerability in Microsoft Windows Server 2003 and Windows XP: Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability." | 7.8 |
2017-06-15 | CVE-2017-8461 | Unspecified vulnerability in Microsoft Windows Server 2003 and Windows XP: Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability." | 7.8 |