Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-02 CVE-2017-16349 XXE vulnerability in SAP Business Planning and Consolidation
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC.
network
low complexity
sap CWE-611
8.1
2018-08-02 CVE-2018-10921 Integer Overflow or Wraparound vulnerability in Ttembed Project Ttembed
Certain input files may trigger an integer overflow in ttembed input file processing.
network
low complexity
ttembed-project CWE-190
7.5
2018-08-02 CVE-2017-9118 Out-of-bounds Read vulnerability in multiple products
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
network
low complexity
php netapp CWE-125
7.5
2018-08-02 CVE-2018-1336 Infinite Loop vulnerability in multiple products
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.
network
low complexity
apache redhat debian canonical CWE-835
7.5
2018-08-01 CVE-2018-3939 Use After Free vulnerability in Foxitsoftware Foxit Reader
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096.
network
low complexity
foxitsoftware CWE-416
8.8
2018-08-01 CVE-2018-3924 Use After Free vulnerability in Foxitsoftware Foxit Reader
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096.
local
low complexity
foxitsoftware CWE-416
7.8
2018-08-01 CVE-2018-12468 Unrestricted Upload of File with Dangerous Type vulnerability in Microfocus Groupwise 18/18.0.1
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on the server.
network
low complexity
microfocus CWE-434
7.2
2018-08-01 CVE-2018-0413 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Identity Services Engine Software
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device.
network
low complexity
cisco CWE-352
8.8
2018-08-01 CVE-2018-3847 Out-of-bounds Write vulnerability in Nasa Cfitsio 3.42
Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42.
network
low complexity
nasa CWE-787
8.8
2018-08-01 CVE-2018-8034 Improper Certificate Validation vulnerability in multiple products
The host name verification when using TLS with the WebSocket client was missing.
network
low complexity
apache debian canonical oracle CWE-295
7.5