Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-06-16 CVE-2016-1000222 Argument Injection or Modification vulnerability in Elastic Logstash
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
network
low complexity
elastic CWE-88
7.5
2017-06-16 CVE-2016-1000221 Information Exposure vulnerability in Elastic Logstash
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
network
low complexity
elastic CWE-200
7.5
2017-06-16 CVE-2016-1000219 Improper Authorization vulnerability in Elastic Kibana
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files.
network
low complexity
elastic CWE-285
7.5
2017-06-16 CVE-2016-1000218 Cross-Site Request Forgery (CSRF) vulnerability in Elastic Kibana Reporting 2.4.0
Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially-crafted page.
network
low complexity
elastic CWE-352
8.8
2017-06-16 CVE-2017-7507 NULL Pointer Dereference vulnerability in GNU Gnutls
GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dereference while decoding a status response TLS extension with valid contents.
network
low complexity
gnu CWE-476
7.5
2017-06-16 CVE-2017-9731 Information Exposure vulnerability in Yocto Project YP Core-Pyro 2.3
In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yocto Project through YP Core - Pyro 2.3, attackers can obtain sensitive information by reading a URL in a Source entry in an ipk package.
network
low complexity
yocto-project CWE-200
7.5
2017-06-16 CVE-2017-9729 Uncontrolled Recursion vulnerability in Uclibc 0.9.33.2
In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression.
network
low complexity
uclibc CWE-674
7.5
2017-06-16 CVE-2017-7884 Uncontrolled Search Path Element vulnerability in Apcupsd APC UPS Daemon 3.14.14
In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM privileges at startup.
local
low complexity
apcupsd CWE-427
8.4
2017-06-15 CVE-2017-8487 Unspecified vulnerability in Microsoft Windows Server 2003 and Windows XP
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."
local
low complexity
microsoft
7.8
2017-06-15 CVE-2017-8461 Unspecified vulnerability in Microsoft Windows Server 2003 and Windows XP
Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."
local
low complexity
microsoft
7.8