Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-20 CVE-2018-12579 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Oxid-Esales Eshop
An issue was discovered in OXID eShop Enterprise Edition before 5.3.8, 6.0.x before 6.0.3, and 6.1.x before 6.1.0; Professional Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0; and Community Edition before 4.10.8, 5.x and 6.0.x before 6.0.3, and 6.1.x before 6.1.0.
network
high complexity
oxid-esales CWE-640
8.1
2018-08-20 CVE-2018-1517 Improper Input Validation vulnerability in multiple products
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data.
network
low complexity
ibm redhat CWE-20
7.5
2018-08-20 CVE-2017-16744 Path Traversal vulnerability in Tridium Niagara and Niagara AX Framework
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
network
low complexity
tridium CWE-22
7.2
2018-08-20 CVE-2016-7048 Improper Access Control vulnerability in Postgresql
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
network
high complexity
postgresql CWE-284
8.1
2018-08-20 CVE-2018-14079 Information Exposure vulnerability in Wi2Be Smart HP WMT R1.2.20201400922
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp.
network
low complexity
wi2be CWE-200
7.5
2018-08-20 CVE-2018-14077 Unspecified vulnerability in Wi2Be Smart HP WMT R1.2.20201400922
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to back up the device configuration via a direct request to /Maintenance/configfile.cfg.
network
low complexity
wi2be
7.5
2018-08-20 CVE-2018-1000224 Missing Initialization of Resource vulnerability in Godotengine Godot
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6.
network
low complexity
godotengine CWE-909
7.5
2018-08-20 CVE-2018-1000223 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Surina Soundtouch
soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution.
network
low complexity
surina CWE-119
8.8
2018-08-20 CVE-2018-1000222 Double Free vulnerability in multiple products
Libgd version 2.2.5 contains a double free vulnerability in the gdImageBmpPtr function that can result in remote code execution.
network
low complexity
libgd canonical debian CWE-415
8.8
2018-08-20 CVE-2018-1000216 Double Free vulnerability in Cjson Project Cjson
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in the cJSON library that can result in a possible crash or RCE.
network
low complexity
cjson-project CWE-415
8.8