Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-10 CVE-2018-16764 Out-of-bounds Read vulnerability in Webassembly Virtual Machine Project Webassembly Virtual Machine
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.
8.8
2018-09-08 CVE-2018-16733 Improper Input Validation vulnerability in Ethereum GO Ethereum
In Go Ethereum (aka geth) before 1.8.14, TraceChain in eth/api_tracer.go does not verify that the end block is after the start block.
network
low complexity
ethereum CWE-20
7.5
2018-09-08 CVE-2018-16732 Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.1
\upload\plugins\sys\admin\Setting.php in CScms 4.1 allows CSRF via admin.php/setting/ftp_save.
network
low complexity
chshcms CWE-352
8.8
2018-09-08 CVE-2018-16715 Incorrect Permission Assignment for Critical Resource vulnerability in Absolute Ctes Windows Agent 1.0.0.1479
An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479.
network
low complexity
absolute CWE-732
8.8
2018-09-07 CVE-2018-16454 Improper Input Validation vulnerability in Currency Converter Script Project Currency Converter Script 2.0.5
PHP Scripts Mall Currency Converter Script 2.0.5 allows remote attackers to cause a denial of service (web-interface change) via an inverted comma.
network
low complexity
currency-converter-script-project CWE-20
7.5
2018-09-07 CVE-2018-15552 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Theethereumlottery the Ethereum Lottery
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function).
network
low complexity
theethereumlottery CWE-338
7.5
2018-09-07 CVE-2018-15483 Improper Input Validation vulnerability in Kone Group Controller Firmware
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5.
network
low complexity
kone CWE-20
7.5
2018-09-07 CVE-2018-12897 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Solarwinds Dameware Mini Remote Control
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
local
low complexity
solarwinds CWE-119
7.8
2018-09-07 CVE-2017-17691 Insufficiently Protected Credentials vulnerability in Contronics Homeputer CL Studio FUR Homematic
Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.
network
high complexity
contronics CWE-522
8.1
2018-09-07 CVE-2018-16667 Out-of-bounds Read vulnerability in Contiki-Ng Contiki-Ng
An issue was discovered in Contiki-NG through 4.1.
local
high complexity
contiki-ng CWE-125
7.0