Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-22 | CVE-2018-11365 | Infinite Loop vulnerability in Wizardmac Readstat 0.1.1: sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop. | 7.5 |
2018-05-22 | CVE-2018-11364 | Missing Release of Resource after Effective Lifetime vulnerability in Wizardmac Readstat 0.1.1: sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call. | 7.5 |
2018-05-22 | CVE-2018-11363 | Out-of-bounds Read vulnerability in Pdfgen: jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read. | 7.5 |
2018-05-22 | CVE-2018-11345 | Unrestricted Upload of File with Dangerous Type vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3: An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. | 8.8 |
2018-05-22 | CVE-2018-11341 | Path Traversal vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3: Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter. | 7.2 |
2018-05-22 | CVE-2018-11340 | Unrestricted Upload of File with Dangerous Type vulnerability in Asustor As6202T Firmware Adm3.1.0.Rfq3: An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. | 7.2 |
2018-05-21 | CVE-2018-7687 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microfocus Client 2.0: The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys. | 7.8 |
2018-05-21 | CVE-2018-8012 | Missing Authorization vulnerability in multiple products: No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. | 7.5 |
2018-05-20 | CVE-2018-11319 | Path Traversal vulnerability in multiple products: Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). | 7.5 |
2018-05-19 | CVE-2018-11239 | Integer Overflow or Wraparound vulnerability in Hexagontoken Hexagon: An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in May 2018, aka the "burnOverflow" issue. | 7.5 |