Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2019-10-24 CVE-2019-18409 Incorrect Permission Assignment for Critical Resource vulnerability in Zenspider Ruby Parser-Legacy 1.0.0
The ruby_parser-legacy (aka legacy) gem 1.0.0 for Ruby allows local privilege escalation because of world-writable files.
local
low complexity
zenspider CWE-732
7.8
2019-10-24 CVE-2019-18408 Use After Free vulnerability in multiple products
archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
network
low complexity
libarchive debian canonical CWE-416
7.5
2019-10-24 CVE-2019-15703 Insufficient Entropy vulnerability in Fortinet Fortios
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support the built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication with the help of flush+reload side-channel attacks, in FortiGate VM models only.
network
low complexity
fortinet CWE-331
7.5
2019-10-23 CVE-2019-18213 XXE vulnerability in multiple products
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking).
8.8
2019-10-23 CVE-2019-8238 Path Traversal vulnerability in Adobe Acrobat DC
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a Path Traversal vulnerability.
network
low complexity
adobe CWE-22
7.5
2019-10-23 CVE-2019-18385 Information Exposure Through Log Files vulnerability in Terra-Master Fs-210 Firmware 4.0.19
An issue was discovered on TerraMaster FS-210 4.0.19 devices.
network
low complexity
terra-master CWE-532
7.5
2019-10-23 CVE-2019-18383 Missing Authorization vulnerability in Terra-Master Fs-210 Firmware 4.0.19
An issue was discovered on TerraMaster FS-210 4.0.19 devices.
network
low complexity
terra-master CWE-862
7.5
2019-10-23 CVE-2019-18382 Unspecified vulnerability in Avstar Pe204 Firmware 3.10.70
An issue was discovered on AVStar PE204 3.10.70 IP camera devices.
network
low complexity
avstar
7.5
2019-10-23 CVE-2019-18371 Path Traversal vulnerability in MI Millet Router 3G Firmware
An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable.
network
low complexity
mi CWE-22
7.5
2019-10-23 CVE-2014-2304 Improper Input Validation vulnerability in Projectfloodlight Open SDN Controller 0.90
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service.
network
low complexity
projectfloodlight CWE-20
7.5