Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-08-03 | CVE-2018-14926 | Cross-Site Request Forgery (CSRF) vulnerability in Matera Banco 1.0.0 | Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. | 8.8 |
2018-08-03 | CVE-2018-14923 | Improper Input Validation vulnerability in Uniview Ezplayer 1.0.6 | A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback. | 7.8 |
2018-08-03 | CVE-2018-5490 | Incorrect Permission Assignment for Critical Resource vulnerability in Netapp Clustered Data Ontap | Read-Only export policy rules are not correctly enforced in Clustered Data ONTAP 8.3 Release Candidate versions and therefore may allow more than "read-only" access from authenticated SMBv2 and SMBv3 clients. | 8.8 |
2018-08-03 | CVE-2018-14912 | Path Traversal vulnerability in multiple products | cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. | 7.5 |
2018-08-03 | CVE-2018-14911 | Unrestricted Upload of File with Dangerous Type vulnerability in Ukcms | A file upload vulnerability exists in ukcms v1.1.7 and earlier. | 7.2 |
2018-08-03 | CVE-2018-14910 | Code Injection vulnerability in Seacms 6.61 | SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). | 8.8 |
2018-08-03 | CVE-2018-7748 | Code Injection vulnerability in Servicenow Jakarta | report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter. | 8.8 |
2018-08-03 | CVE-2018-14908 | Cross-Site Request Forgery (CSRF) vulnerability in Samsung Syncthru web Service 4.05.61 | Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. | 8.8 |
2018-08-03 | CVE-2018-14715 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cryptogs | The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. | 7.5 |
2018-08-03 | CVE-2018-14576 | Integer Overflow or Wraparound vulnerability in Suncontract | The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable. | 7.5 |