Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-13 | CVE-2018-6295 | Cleartext Transmission of Sensitive Information vulnerability in Hanwha-Security Snh-V6410Pn Firmware and Snh-V6410Pnw Firmware: Unencrypted way of remote control and communications in Hanwha Techwin Smartcams | 9.8 |
2018-03-13 | CVE-2018-6294 | Improper Authentication vulnerability in Hanwha-Security Snh-V6410Pn Firmware and Snh-V6410Pnw Firmware: Unsecured way of firmware update in Hanwha Techwin Smartcams | 9.8 |
2018-03-13 | CVE-2017-1002101 | Link Following vulnerability in Kubernetes: In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem. | 9.6 |
2018-03-13 | CVE-2018-1000076 | Improper Verification of Cryptographic Signature vulnerability in multiple products: RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains an Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem being installed, as the tarball would contain multiple gem signatures. | 9.8 |
2018-03-12 | CVE-2018-7538 | SQL Injection vulnerability in Enalean Tuleap: A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands. | 9.8 |
2018-03-12 | CVE-2016-9953 | Out-of-bounds Read vulnerability in Haxx Curl: The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. | 9.8 |
2018-03-12 | CVE-2018-7749 | Improper Authentication vulnerability in Asyncssh Project Asyncssh: The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. | 9.8 |
2018-03-12 | CVE-2017-2628 | Unspecified vulnerability in Haxx Curl 7.19.7: curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. | 9.8 |
2018-03-11 | CVE-2018-8057 | SQL Injection vulnerability in Westernbridgegroup Razor 0.8.0: A SQL Injection vulnerability exists in Western Bridge Cobub Razor 0.8.0 via the channel_name or platform parameter in a /index.php?/manage/channel/addchannel request, related to /application/controllers/manage/channel.php. | 9.8 |
2018-03-11 | CVE-2018-7213 | Improper Authentication vulnerability in Abine Blur 7.8.2424: The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. | 9.8 |