Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-17 | CVE-2017-11348 | Path Traversal vulnerability in Octopus Deploy and Octopus Server: In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. | 5.7 |
2017-07-17 | CVE-2017-11340 | Improper Input Validation vulnerability in Exiv2 0.26: There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. | 6.5 |
2017-07-17 | CVE-2017-11339 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Exiv2 0.26: There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. | 6.5 |
2017-07-17 | CVE-2017-11338 | Infinite Loop vulnerability in Exiv2 0.26: There is an infinite loop in the Exiv2::Image::printIFDStructure function of image.cpp in Exiv2 0.26. | 6.5 |
2017-07-17 | CVE-2017-11337 | Use After Free vulnerability in Exiv2 0.26: There is an invalid free in the Action::TaskFactory::cleanup function of actions.cpp in Exiv2 0.26. | 6.5 |
2017-07-17 | CVE-2017-11336 | Out-of-bounds Read vulnerability in Exiv2 0.26: There is a heap-based buffer over-read in the Image::printIFDStructure function in image.cpp in Exiv2 0.26. | 6.5 |
2017-07-17 | CVE-2017-11328 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Virustotal Yara: Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. | 5.5 |
2017-07-17 | CVE-2017-10604 | Improper Restriction of Excessive Authentication Attempts vulnerability in Juniper Junos 12.1X46/12.3X48/15.1X49: When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. | 5.3 |
2017-07-17 | CVE-2017-1000078 | Cross-site Scripting vulnerability in Onosproject Onos 1.8.0/1.9.0: Linux Foundation ONOS 1.9 is vulnerable to XSS in the device. | 6.1 |
2017-07-17 | CVE-2017-1000070 | Open Redirect vulnerability in Oauth2 Proxy Project Oauth2 Proxy: The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. | 6.1 |