Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-03 CVE-2018-16416 Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.4
Cross-site request forgery (CSRF) vulnerability in my_profile/edit?inline= in FUEL CMS 1.4 allows remote attackers to change the administrator's password.
network
low complexity
thedaylightstudio CWE-352
8.8
2018-09-03 CVE-2018-16413 Out-of-bounds Read vulnerability in ImageMagick 7.0.8-11
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the MagickCore/quantum-private.h PushShortPixel function when called from the coders/psd.c ParseImageResourceBlocks function.
network
low complexity
imagemagick CWE-125
8.8
2018-09-03 CVE-2018-16412 Out-of-bounds Read vulnerability in multiple products
ImageMagick 7.0.8-11 Q16 has a heap-based buffer over-read in the coders/psd.c ParseImageResourceBlocks function.
network
low complexity
imagemagick opensuse CWE-125
8.8
2018-09-03 CVE-2018-16409 Server-Side Request Forgery (SSRF) vulnerability in Gogs 0.11.53
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.
network
low complexity
gogs CWE-918
8.6
2018-09-03 CVE-2018-16408 OS Command Injection vulnerability in D-Link DIR-846 Firmware 100.26
D-Link DIR-846 devices with firmware 100.26 allow remote attackers to execute arbitrary code as root via a SetNetworkTomographySettings request by leveraging admin access.
network
low complexity
d-link CWE-78
7.2
2018-09-03 CVE-2018-16398 Unspecified vulnerability in Twistlock AuthZ Broker 0.1
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not allowed.
network
low complexity
twistlock
7.5
2018-09-03 CVE-2018-16387 Cross-Site Request Forgery (CSRF) vulnerability in Elefant CMS
An issue was discovered in Elefant CMS before 2.0.5.
network
low complexity
elefantcms CWE-352
8.8
2018-09-03 CVE-2018-16384 SQL Injection vulnerability in OWASP ModSecurity Core Rule Set
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
network
low complexity
owasp CWE-89
7.5
2018-09-03 CVE-2018-16380 Cross-Site Request Forgery (CSRF) vulnerability in Digimute Ogma CMS 0.4
An issue was discovered in Ogma CMS 0.4 Beta.
network
low complexity
digimute CWE-352
8.8
2018-09-03 CVE-2018-16376 Out-of-bounds Write vulnerability in Uclouvain Openjpeg 2.3.0
An issue was discovered in OpenJPEG 2.3.0.
network
low complexity
uclouvain CWE-787
8.8