Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-10 | CVE-2017-1081 | Improper Input Validation vulnerability in Freebsd. In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling. | 7.5 |
2018-04-10 | CVE-2018-9934 | Unspecified vulnerability in Metinfo 6.0.0. The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control. | 8.8 |
2018-04-10 | CVE-2018-9927 | Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms 4.1.0. An issue was discovered in WUZHI CMS 4.1.0. | 8.8 |
2018-04-10 | CVE-2018-9926 | Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms 4.1.0. An issue was discovered in WUZHI CMS 4.1.0. | 8.8 |
2018-04-10 | CVE-2018-9923 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms. An issue was discovered in idreamsoft iCMS through 7.0.7. | 8.8 |
2018-04-09 | CVE-2018-5463 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lcds Laquis Scada 4.1/4.1.0.3391. A structured exception handler overflow vulnerability in Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA 4.1.0.3391 and earlier may allow code execution. | 7.8 |
2018-04-09 | CVE-2018-9862 | Inappropriate Encoding for Output Context vulnerability in Hyper Runv 1.0.0. util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a "docker exec" command with that value in the -u argument, a similar issue to CVE-2016-3697. | 7.8 |
2018-04-09 | CVE-2018-1308 | XXE vulnerability in multiple products. This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. | 7.5 |
2018-04-09 | CVE-2018-0556 | OS Command Injection vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30. Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 8.8 |
2018-04-09 | CVE-2018-0555 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30. Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. | 7.8 |