Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-05 CVE-2018-11743 Access of Uninitialized Pointer vulnerability in multiple products
The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact.
network
low complexity
mruby debian CWE-824
7.5
2018-06-05 CVE-2018-1000180 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the low-level interface to the RSA key pair generator: RSA key pairs generated through the low-level API with added certainty may undergo fewer M-R tests than expected.
network
low complexity
bouncycastle debian oracle netapp redhat CWE-327
7.5
2018-06-05 CVE-2018-11722 SQL Injection vulnerability in Wuzhicms 4.1.0
WUZHI CMS 4.1.0 has a SQL injection in api/uc.php via the 'code' parameter, because 'UC_KEY' is hard-coded.
network
low complexity
wuzhicms CWE-89
7.5
2018-06-05 CVE-2018-11554 Information Exposure vulnerability in Yzmcms
The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a verification code, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
network
low complexity
yzmcms CWE-200
7.5
2018-06-05 CVE-2018-11736 Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck
An issue was discovered in Pluck before 4.7.7-dev2.
network
low complexity
pluck-cms CWE-434
7.5
2018-06-04 CVE-2018-3853 Use After Free vulnerability in Foxitsoftware Foxit Reader 9.0.1.1049
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software Foxit PDF Reader version 9.0.1.1049.
network
low complexity
foxitsoftware CWE-416
8.8
2018-06-04 CVE-2017-16042 OS Command Injection vulnerability in Growl Project Growl
Growl adds growl notification support to nodejs.
network
low complexity
growl-project CWE-78
7.5
2018-06-04 CVE-2017-16026 Improper Input Validation vulnerability in Request Project Request
Request is an http client.
7.1
2018-06-04 CVE-2016-8390 Out-of-bounds Write vulnerability in Cryptic-Apps Hopper Disassembler 3.11.20
An exploitable out-of-bounds write vulnerability exists in the parsing of ELF section headers in Hopper Disassembler 3.11.20.
local
low complexity
cryptic-apps CWE-787
7.8
2018-06-04 CVE-2018-10611 Improper Authentication vulnerability in GE MDS Pulsenet
Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.
network
low complexity
ge CWE-287
7.5