Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-23 | CVE-2017-9317 | Unspecified vulnerability in Dahuasecurity products Privilege escalation vulnerability found in some Dahua IP devices. | 8.8 |
| 2018-05-23 | CVE-2018-1310 | Deserialization of Untrusted Data vulnerability in Apache Nifi Apache NiFi JMS Deserialization issue because of ActiveMQ client vulnerability. | 7.5 |
| 2018-05-23 | CVE-2018-1125 | Out-of-bounds Write vulnerability in multiple products procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. | 7.5 |
| 2018-05-23 | CVE-2018-1123 | procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. | 7.5 |
| 2018-05-23 | CVE-2018-1122 | procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. | 7.0 |
| 2018-05-23 | CVE-2018-8176 | Improper Input Validation vulnerability in Microsoft Office for mac 2016 A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly validate XML content, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office. | 8.8 |
| 2018-05-23 | CVE-2018-11396 | Unspecified vulnerability in Gnome Epiphany ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call. | 7.5 |
| 2018-05-23 | CVE-2018-1124 | Integer Overflow or Wraparound vulnerability in multiple products procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. | 7.8 |
| 2018-05-23 | CVE-2018-7295 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Square-Enix Final Fantasy XIV 4.21/4.25 ffxivlauncher.exe in Square Enix Final Fantasy XIV 4.21 and 4.25 on Windows is affected by Improper Enforcement of Message Integrity During Transmission in a Communication Channel, allowing a man-in-the-middle attacker to steal user credentials because a session retrieves global.js via http before proceeding to use https. | 8.1 |
| 2018-05-23 | CVE-2018-11334 | Incorrect Permission Assignment for Critical Resource vulnerability in Windscribe 1.81 Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService. | 7.8 |