Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK

2018-05-17 CVE-2018-11230 Use After Free vulnerability in Jbig2Enc Project Jbig2Enc 0.29
jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file.
network, low complexity, jbig2enc-project CWE-416, 8.8

2018-05-17 CVE-2018-10027 Untrusted Search Path vulnerability in Estsoft Alzip
ESTsoft ALZip before 10.76 allows local users to execute arbitrary code via creating a malicious .DLL file and installing it in a specific directory: %PROGRAMFILES%\ESTsoft\ALZip\Formats, %PROGRAMFILES%\ESTsoft\ALZip\Coders, %PROGRAMFILES(X86)%\ESTsoft\ALZip\Formats, or %PROGRAMFILES(X86)%\ESTsoft\ALZip\Coders.
local, low complexity, estsoft CWE-426, 7.8

2018-05-17 CVE-2018-11226 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libming
The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
network, low complexity, libming CWE-119, 8.8

2018-05-17 CVE-2018-11225 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libming
The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.
network, low complexity, libming CWE-119, 8.8

2018-05-17 CVE-2018-0325 Improper Input Validation vulnerability in Cisco IP Phone 7800 Firmware and IP Phone 8800 Firmware
A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone.
network, low complexity, cisco CWE-20, 7.5

2018-05-17 CVE-2018-0280 Improper Input Validation vulnerability in Cisco Meeting Server
A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network, low complexity, cisco CWE-20, 7.5

2018-05-17 CVE-2018-0279 OS Command Injection vulnerability in Cisco Enterprise NFV Infrastructure Software
A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to access the shell of the underlying Linux operating system on the affected device.
network, low complexity, cisco CWE-78, 8.8

2018-05-17 CVE-2018-0277 Improper Certificate Validation vulnerability in Cisco Identity Services Engine
A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system.
network, low complexity, cisco CWE-295, 8.6

2018-05-17 CVE-2018-0270 Cross-Site Request Forgery (CSRF) vulnerability in Cisco IOT Field Network Director 4.2(0.4)
A vulnerability in the web-based management interface of Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and alter the data of existing users and groups on an affected device.
network, low complexity, cisco CWE-352, 8.8

2018-05-16 CVE-2018-4850 Unspecified vulnerability in Siemens Simatic S7-400 Firmware and Simatic S7-400H Firmware
A vulnerability has been identified in SIMATIC S7-400 (incl.
network, low complexity, siemens, 7.5