Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-23 | CVE-2018-12694 | Improper Input Validation vulnerability in Tp-Link Tl-Wa850Re Firmware: TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json. | 7.5 |
2018-06-23 | CVE-2018-12692 | OS Command Injection vulnerability in Tp-Link Tl-Wa850Re Firmware: TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the wps_setup_pin parameter to /data/wps.setup.json. | 8.8 |
2018-06-22 | CVE-2018-12687 | Reachable Assertion vulnerability in Tinyexr Project Tinyexr 0.9.5: tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h. | 7.5 |
2018-06-22 | CVE-2018-12684 | Out-of-bounds Read vulnerability in Civetweb Project Civetweb: Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file. | 7.1 |
2018-06-22 | CVE-2018-12538 | Session Fixation vulnerability in multiple products: In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage for the FileSessionDataStore. | 8.8 |
2018-06-22 | CVE-2018-1000201 | Untrusted Search Path vulnerability in Ruby-Ffi Project Ruby-Ffi: ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. This vulnerability appears to have been fixed in v1.9.24 and later. | 7.8 |
2018-06-22 | CVE-2018-12636 | SQL Injection vulnerability in Ithemes Security: The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. | 7.2 |
2018-06-22 | CVE-2018-12659 | Cross-Site Request Forgery (CSRF) vulnerability in Slims Akasia Project Slims Akasia 8.3.1: SLiMS 8 Akasia 8.3.1 allows remote attackers to bypass the CSRF protection mechanism and obtain admin access by omitting the csrf_token parameter. | 8.8 |
2018-06-22 | CVE-2018-12648 | NULL Pointer Dereference vulnerability in Exempi Project Exempi 2.4.5: The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. | 7.5 |
2018-06-22 | CVE-2017-7466 | Improper Input Validation vulnerability in Redhat Ansible: Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. | 8.0 |