Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-02 CVE-2018-11147 OS Command Injection vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 5 of 46).
network
low complexity
quest CWE-78
8.8
8.8
2018-06-02 CVE-2018-11146 OS Command Injection vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 4 of 46).
network
low complexity
quest CWE-78
8.8
8.8
2018-06-02 CVE-2018-11145 OS Command Injection vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 3 of 46).
network
low complexity
quest CWE-78
8.8
8.8
2018-06-02 CVE-2018-11144 OS Command Injection vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 2 of 46).
network
low complexity
quest CWE-78
8.8
8.8
2018-06-01 CVE-2016-1000338 Improper Verification of Cryptographic Signature vulnerability in multiple products
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification.
network
low complexity
bouncycastle redhat canonical netapp CWE-347
7.5
7.5
2018-06-01 CVE-2018-3756 Improper Verification of Cryptographic Signature vulnerability in Hyperledger Iroha 1.0/1.0.0
Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.
network
low complexity
hyperledger CWE-347
7.5
7.5
2018-06-01 CVE-2018-11538 Cross-Site Request Forgery (CSRF) vulnerability in Searchblox 8.6.6
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
network
low complexity
searchblox CWE-352
8.8
8.8
2018-06-01 CVE-2018-11196 Unrestricted Upload of File with Dangerous Type vulnerability in Mahara
Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 can be used as medium to transmit viruses by placing infected files into a Leap2A archive and uploading that to Mahara.
network
low complexity
mahara CWE-434
7.5
7.5
2018-06-01 CVE-2016-10634 Cryptographic Issues vulnerability in Scalajs-Standalone-Bin Project Scalajs-Standalone-Bin
scala-standalone-bin is a Binary wrapper for ScalaJS.
network
high complexity
scalajs-standalone-bin-project CWE-310
8.1
8.1
2018-06-01 CVE-2016-10633 Cryptographic Issues vulnerability in Dwebp-Bin Project Dwebp-Bin
dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG.
network
high complexity
dwebp-bin-project CWE-310
8.1
8.1