Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-08 CVE-2018-15175 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xnview 2.45
XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file.
local
low complexity
xnview CWE-119
7.8
2018-08-08 CVE-2018-15174 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xnview 2.45
XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file.
local
low complexity
xnview CWE-119
7.8
2018-08-08 CVE-2018-15173 Unspecified vulnerability in Nmap
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.
network
low complexity
nmap
7.5
2018-08-08 CVE-2013-7464 Cross-Site Request Forgery (CSRF) vulnerability in Csrf-Magic Project Csrf-Magic
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.
network
low complexity
csrf-magic-project CWE-352
8.8
2018-08-07 CVE-2018-15132 Information Exposure vulnerability in multiple products
An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8.
network
low complexity
php netapp CWE-200
7.5
2018-08-07 CVE-2018-11455 Path Traversal vulnerability in Siemens Automation License Manager
A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1).
network
low complexity
siemens CWE-22
8.8
2018-08-07 CVE-2018-11454 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2).
local
low complexity
siemens CWE-732
8.6
2018-08-07 CVE-2018-11453 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens products
A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2).
local
low complexity
siemens CWE-732
7.8
2018-08-06 CVE-2018-14857 Unrestricted Upload of File with Dangerous Type vulnerability in Ocsinventory-Ng OCS Inventory Server
Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.
network
low complexity
ocsinventory-ng CWE-434
8.8
2018-08-06 CVE-2017-16654 Path Traversal vulnerability in multiple products
An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5.
network
low complexity
sensiolabs debian CWE-22
7.5