Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-02 | CVE-2018-8039 | Improper Handling of Exceptional Conditions vulnerability in multiple products It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. | 8.1 |
| 2018-07-02 | CVE-2018-10874 | Unspecified vulnerability in Redhat products In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | 7.8 |
| 2018-07-02 | CVE-2018-13049 | SQL Injection vulnerability in Glpi-Project Glpi The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. | 8.8 |
| 2018-07-01 | CVE-2018-13041 | Integer Overflow or Wraparound vulnerability in Linktoken Project Linktoken The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value. | 7.5 |
| 2018-07-01 | CVE-2018-13040 | Cross-Site Request Forgery (CSRF) vulnerability in Opendesa Opensid 18.06Pasca OpenSID 18.06-pasca has a CSRF vulnerability. | 8.8 |
| 2018-07-01 | CVE-2018-13037 | Out-of-bounds Write vulnerability in Jpeg-Compressor Project Jpeg Compressor 0.1 An issue was discovered in jpeg-compressor 0.1. | 7.8 |
| 2018-07-01 | CVE-2018-13032 | Cross-Site Request Forgery (CSRF) vulnerability in Ecessa Shieldlink Sl175Ehq Firmware 10.7.4 ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. | 8.8 |
| 2018-06-30 | CVE-2018-13030 | Out-of-bounds Write vulnerability in Jpeg-Compressor Project Jpeg Compressor 0.1 An issue was discovered in jpeg-compressor 0.1. | 7.8 |
| 2018-06-29 | CVE-2018-10860 | Path Traversal vulnerability in multiple products perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. | 7.5 |
| 2018-06-29 | CVE-2018-13024 | Unrestricted Upload of File with Dangerous Type vulnerability in Metinfo 6.0.0 Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. | 7.2 |