Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2018-08-03 | CVE-2018-14926 | Cross-Site Request Forgery (CSRF) vulnerability in Matera Banco 1.0.0 | Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. | matera, CWE-352 | 8.8 (network, low complexity) |
| 2018-08-03 | CVE-2018-14923 | Improper Input Validation vulnerability in Uniview Ezplayer 1.0.6 | A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback. | uniview, CWE-20 | 7.8 (local, low complexity) |
| 2018-08-03 | CVE-2018-5490 | Incorrect Permission Assignment for Critical Resource vulnerability in Netapp Clustered Data Ontap | Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. | netapp, CWE-732 | 8.8 (network, low complexity) |
| 2018-08-03 | CVE-2018-14912 | Path Traversal vulnerability in multiple products | cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. | cgit-project, debian, CWE-22 | 7.5 (network, low complexity) |
| 2018-08-03 | CVE-2018-14911 | Unrestricted Upload of File with Dangerous Type vulnerability in Ukcms | A file upload vulnerability exists in ukcms v1.1.7 and earlier. | ukcms, CWE-434 | 7.2 (network, low complexity) |
| 2018-08-03 | CVE-2018-14910 | Code Injection vulnerability in Seacms 6.61 | SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). | seacms, CWE-94 | 8.8 (network, low complexity) |
| 2018-08-03 | CVE-2018-7748 | Code Injection vulnerability in Servicenow Jakarta | report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter. | servicenow, CWE-94 | 8.8 (network, low complexity) |
| 2018-08-03 | CVE-2018-14908 | Cross-Site Request Forgery (CSRF) vulnerability in Samsung Syncthru web Service 4.05.61 | Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. | samsung, CWE-352 | 8.8 (network, low complexity) |
| 2018-08-03 | CVE-2018-14715 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cryptogs | The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. | cryptogs, CWE-338 | 7.5 (network, low complexity) |
| 2018-08-03 | CVE-2018-14576 | Integer Overflow or Wraparound vulnerability in Suncontract | The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable. | suncontract, CWE-190 | 7.5 (network, low complexity) |