Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-19 | CVE-2017-7948 | Integer Overflow or Wraparound vulnerability in Artifex Ghostscript 9.21 Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document. | 7.8 |
| 2017-04-19 | CVE-2017-7850 | Incorrect Permission Assignment for Critical Resource vulnerability in Tenable Nessus Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local privilege escalation issue due to insecure permissions when running in Agent Mode. | 7.8 |
| 2017-04-18 | CVE-2016-10345 | Permissions, Privileges, and Access Controls vulnerability in Phusion Passenger In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | 7.8 |
| 2017-04-18 | CVE-2017-5656 | Session Fixation vulnerability in Apache CXF Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. | 7.5 |
| 2017-04-18 | CVE-2017-7645 | Improper Input Validation vulnerability in multiple products The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. | 7.5 |
| 2017-04-18 | CVE-2017-5662 | XXE vulnerability in Apache Batik In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. | 7.3 |
| 2017-04-18 | CVE-2017-5661 | XXE vulnerability in Apache Formatting Objects Processor In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. | 7.3 |
| 2017-04-17 | CVE-2017-7892 | Improper Input Validation vulnerability in Capnproto Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. | 7.5 |
| 2017-04-17 | CVE-2017-1161 | Improper Input Validation vulnerability in IBM API Connect 5.0.6.0 IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. | 7.3 |
| 2017-04-17 | CVE-2016-3036 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Cognos Business Intelligence 10.1/10.2/10.2.2 IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, caused by a stack-based buffer overflow when parsing packets. | 7.5 |