Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-19 | CVE-2018-11724 | Out-of-bounds Read vulnerability in Libmobi Project Libmobi 0.3 The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. | 8.8 |
| 2018-06-19 | CVE-2018-11116 | Incorrect Permission Assignment for Critical Resource vulnerability in Openwrt OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. | 8.8 |
| 2018-06-19 | CVE-2018-10945 | NULL Pointer Dereference vulnerability in Cesanta Mongoose 6.11 The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. | 7.5 |
| 2018-06-19 | CVE-2018-10811 | Missing Initialization of Resource vulnerability in multiple products strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. | 7.5 |
| 2018-06-19 | CVE-2018-8727 | Path Traversal vulnerability in Mirasys Dvms Workstation 5.12.6 Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver. | 7.5 |
| 2018-06-19 | CVE-2018-11526 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | 7.8 |
| 2018-06-19 | CVE-2018-11525 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Algolplus Advanced Order Export for Woocommerce The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. | 7.8 |
| 2018-06-19 | CVE-2018-12582 | Cross-Site Request Forgery (CSRF) vulnerability in Akcms Project Akcms 6.1 An issue was discovered in AKCMS 6.1. | 8.8 |
| 2018-06-19 | CVE-2018-1061 | python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. | 7.5 |
| 2018-06-19 | CVE-2018-12565 | Improper Input Validation vulnerability in multiple products An issue was discovered in Linaro LAVA before 2018.5.post1. | 8.8 |