Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-01 CVE-2018-1999025 Improper Certificate Validation vulnerability in Jenkins Tracetronic Ecu-Test
A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.
network
high complexity
jenkins CWE-295
7.4
2018-08-01 CVE-2016-8637 Unspecified vulnerability in Dracut Project Dracut
A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates.
local
low complexity
dracut-project
7.8
2018-08-01 CVE-2018-11050 Insufficiently Protected Credentials vulnerability in Dell EMC Networker
Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing Protocol (AMQP) component.
low complexity
dell CWE-522
8.8
2018-08-01 CVE-2016-9573 An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool.
network
low complexity
uclouvain redhat debian
8.1
2018-08-01 CVE-2016-8625 Unspecified vulnerability in Haxx Curl
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
network
low complexity
haxx
7.5
2018-08-01 CVE-2016-8623 Unspecified vulnerability in Haxx Curl
A flaw was found in curl before version 7.51.0.
network
low complexity
haxx
7.5
2018-08-01 CVE-2016-8615 Unspecified vulnerability in Haxx Curl
A flaw was found in curl before version 7.51.
network
low complexity
haxx
7.5
2018-07-31 CVE-2016-8621 Out-of-bounds Read vulnerability in Haxx Curl
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
network
low complexity
haxx CWE-125
7.5
2018-07-31 CVE-2016-8617 Unspecified vulnerability in Haxx Curl
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
local
high complexity
haxx
7.0
2018-07-31 CVE-2016-8624 Unspecified vulnerability in Haxx Curl
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host.
network
low complexity
haxx
7.5