Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-29 CVE-2018-12994 Code Injection vulnerability in OneFileCMS
onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen.
network
low complexity
onefilecms CWE-94
8.8
2018-06-29 CVE-2018-12988 Improper Input Validation vulnerability in GreenCMS 2.3.0603
GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI.
network
low complexity
greencms CWE-20
7.5
2018-06-29 CVE-2018-12983 Out-of-bounds Read vulnerability in PoDoFo Project PoDoFo 0.9.6
A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial of service via a crafted PDF file.
local
low complexity
podofo-project CWE-125
7.8
2018-06-28 CVE-2018-12934 Allocation of Resources Without Limits or Throttling vulnerability in GNU Binutils 2.30
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM).
network
low complexity
gnu CWE-770
7.5
2018-06-28 CVE-2018-12931 Out-of-bounds Write vulnerability in multiple products
ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted NTFS filesystem.
local
low complexity
linux canonical CWE-787
7.8
2018-06-28 CVE-2018-12930 Out-of-bounds Write vulnerability in multiple products
ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted NTFS filesystem.
local
low complexity
linux canonical CWE-787
7.8
2018-06-28 CVE-2018-12589 Untrusted Search Path vulnerability in Polarisoffice Polaris Office 2017 8.1
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
local
low complexity
polarisoffice CWE-426
7.8
2018-06-28 CVE-2018-12927 Information Exposure vulnerability in Northernnep Northern Electric & Power Inverter Firmware
Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI.
network
low complexity
northernnep CWE-200
7.5
2018-06-28 CVE-2018-12926 Information Exposure vulnerability in Pharoscontrols Pharos Firmware
Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI.
network
low complexity
pharoscontrols CWE-200
7.5
2018-06-28 CVE-2018-12923 Information Exposure vulnerability in Bwssystems HA Bridge
BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.
network
low complexity
bwssystems CWE-200
7.5