Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-09-23 | CVE-2018-17341 | Improper Authentication vulnerability in Bigtreecms Bigtree CMS 4.2.23 | BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI. | network | high complexity | bigtreecms | CWE-287 | 8.1 |
| 2018-09-23 | CVE-2018-17338 | Out-of-bounds Write vulnerability in Pdfalto Project Pdfalto 0.1/0.2 | An issue has been found in pdfalto through 0.2. | local | low complexity | pdfalto-project | CWE-787 | 7.8 |
| 2018-09-22 | CVE-2018-17336 | Use of Externally-Controlled Format String vulnerability in multiple products | UDisks 2.8.0 has a format string vulnerability in udisks_log in udiskslogging.c, allowing attackers to obtain sensitive information (stack contents), cause a denial of service (memory corruption), or possibly have unspecified other impact via a malformed filesystem label, as demonstrated by %d or %n substrings. | local | low complexity | freedesktop canonical | CWE-134 | 7.8 |
| 2018-09-22 | CVE-2018-17332 | Missing Release of Resource after Effective Lifetime vulnerability in Libsvg2 Project Libsvg2 | An issue was discovered in libsvg2 through 2012-10-19. | network | low complexity | libsvg2-project | CWE-772 | 7.5 |
| 2018-09-21 | CVE-2018-14891 | Unspecified vulnerability in Vectra Cognito | Management Console in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local privilege escalation vulnerability. | local | low complexity | vectra | | 7.8 |
| 2018-09-21 | CVE-2018-14889 | Improper Input Validation vulnerability in Apache Couchdb | CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability. | local | low complexity | apache | CWE-20 | 7.8 |
| 2018-09-21 | CVE-2018-12169 | Improper Authentication vulnerability in multiple products | Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication. | | low complexity | intel lenovo | CWE-287 | 7.6 |
| 2018-09-21 | CVE-2018-17050 | Integer Overflow or Wraparound vulnerability in Polyai Project Polyai | The mintToken function of a smart contract implementation for PolyAi (AI), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | network | low complexity | polyai-project | CWE-190 | 7.5 |
| 2018-09-21 | CVE-2018-15612 | Cross-Site Request Forgery (CSRF) vulnerability in Avaya Orchestration Designer 7.1 | A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. | network | low complexity | avaya | CWE-352 | 8.8 |
| 2018-09-21 | CVE-2018-14732 | Improper Input Validation vulnerability in Webpack.Js Webpack-Dev-Server | An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. | network | low complexity | webpack-js | CWE-20 | 7.5 |