Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-08 | CVE-2018-15175 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xnview 2.45 XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file. | 7.8 |
| 2018-08-08 | CVE-2018-15174 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xnview 2.45 XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file. | 7.8 |
| 2018-08-08 | CVE-2018-15173 | Unspecified vulnerability in Nmap Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. | 7.5 |
| 2018-08-08 | CVE-2013-7464 | Cross-Site Request Forgery (CSRF) vulnerability in Csrf-Magic Project Csrf-Magic In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. | 8.8 |
| 2018-08-07 | CVE-2018-15132 | Information Exposure vulnerability in multiple products An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. | 7.5 |
| 2018-08-07 | CVE-2018-11455 | Path Traversal vulnerability in Siemens Automation License Manager A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). | 8.8 |
| 2018-08-07 | CVE-2018-11454 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). | 8.6 |
| 2018-08-07 | CVE-2018-11453 | Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). | 7.8 |
| 2018-08-06 | CVE-2018-14857 | Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng OCS Inventory Server Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. | 8.8 |
| 2018-08-06 | CVE-2017-16654 | Path Traversal vulnerability in multiple products An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. | 7.5 |