Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-03 | CVE-2018-16416 | Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4: Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password. | 8.8 |
2018-09-03 | CVE-2018-16413 | Out-of-bounds Read vulnerability in Imagemagick 7.0.811: ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function. | 8.8 |
2018-09-03 | CVE-2018-16412 | Out-of-bounds Read vulnerability in multiple products: ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function. | 8.8 |
2018-09-03 | CVE-2018-16409 | Server-Side Request Forgery (SSRF) vulnerability in Gogs 0.11.53: In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. | 8.6 |
2018-09-03 | CVE-2018-16408 | OS Command Injection vulnerability in D-Link Dir-846 Firmware 100.26: D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access. | 7.2 |
2018-09-03 | CVE-2018-16398 | Unspecified vulnerability in Twistlock Authz Broker 0.1: In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed. | 7.5 |
2018-09-03 | CVE-2018-16387 | Cross-Site Request Forgery (CSRF) vulnerability in Elefantcms: An issue was discovered in Elefant CMS before 2.0.5. | 8.8 |
2018-09-03 | CVE-2018-16384 | SQL Injection vulnerability in Owasp Modsecurity Core Rule SET: A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. | 7.5 |
2018-09-03 | CVE-2018-16380 | Cross-Site Request Forgery (CSRF) vulnerability in Digimute Ogma CMS 0.4: An issue was discovered in Ogma CMS 0.4 Beta. | 8.8 |
2018-09-03 | CVE-2018-16376 | Out-of-bounds Write vulnerability in Uclouvain Openjpeg 2.3.0: An issue was discovered in OpenJPEG 2.3.0. | 8.8 |