Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-11-12 | CVE-2018-21026 | Information Exposure vulnerability in Hitachi products | A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | network | low complexity | hitachi | CWE-200 | 7.5 |
| 2019-11-12 | CVE-2019-17237 | Cross-Site Request Forgery (CSRF) vulnerability in Getigniteup Igniteup | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | network | low complexity | getigniteup | CWE-352 | 8.8 |
| 2019-11-12 | CVE-2019-17234 | Missing Authentication for Critical Function vulnerability in Getigniteup Igniteup | includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | network | low complexity | getigniteup | CWE-306 | 7.5 |
| 2019-11-12 | CVE-2012-1572 | Resource Exhaustion vulnerability in multiple products | OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | network | low complexity | openstack, debian | CWE-400 | 7.5 |
| 2019-11-12 | CVE-2019-4652 | Incorrect Default Permissions vulnerability in IBM Spectrum Protect Plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. | local | low complexity | ibm | CWE-276 | 7.1 |
| 2019-11-12 | CVE-2019-18848 | Improper Authentication vulnerability in multiple products | The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. | network | low complexity | json-jwt-project, debian | CWE-287 | 7.5 |
| 2019-11-12 | CVE-2012-1109 | Improper Handling of Exceptional Conditions vulnerability in Pediapress Mwlib | mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions | network | low complexity | pediapress | CWE-755 | 7.5 |
| 2019-11-12 | CVE-2011-3618 | Link Following vulnerability in multiple products | atop: symlink attack possible due to insecure tempfile handling | local | low complexity | atop-project, debian | CWE-59 | 7.8 |
| 2019-11-12 | CVE-2019-18817 | Infinite Loop vulnerability in Istio | Istio 1.3.x before 1.3.5 allows Denial of Service because continue_on_listener_filters_timeout is set to True, a related issue to CVE-2019-18836. | network | low complexity | istio | CWE-835 | 7.5 |
| 2019-11-12 | CVE-2014-7143 | Improper Certificate Validation vulnerability in Twisted 14.0.0 | Python Twisted 14.0 trustRoot is not respected in HTTP client | network | low complexity | twisted | CWE-295 | 7.5 |