Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-06 | CVE-2014-1226 | Permissions, Privileges, and Access Controls vulnerability in S3Dvt Project S3Dvt 0.2.2 The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. | 7.8 |
| 2018-04-06 | CVE-2013-6876 | Permissions, Privileges, and Access Controls vulnerability in S3Dvt Project S3Dvt 0.2.2 The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. | 7.8 |
| 2018-04-06 | CVE-2014-5072 | Cross-Site Request Forgery (CSRF) vulnerability in Wpsecurityauditlog WP Security Audit LOG Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 8.8 |
| 2018-04-06 | CVE-2014-5034 | Cross-Site Request Forgery (CSRF) vulnerability in Fresh-Media Brute Force Login Protection 1.3 Cross-site request forgery (CSRF) vulnerability in the Brute Force Login Protection module 1.3 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that have unknown impact via a crafted request to the brute-force-login-protection page to wp-admin/options-general.php. | 8.8 |
| 2018-04-06 | CVE-2018-7506 | Information Exposure vulnerability in Moxa Mxview The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information. | 7.5 |
| 2018-04-06 | CVE-2018-1272 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. | 7.5 |
| 2018-04-06 | CVE-2018-1000156 | Improper Input Validation vulnerability in multiple products GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. | 7.8 |
| 2018-04-05 | CVE-2017-12090 | Resource Exhaustion vulnerability in Rockwellautomation Micrologix 1400 B Firmware An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. | 7.5 |
| 2018-04-05 | CVE-2017-12089 | Unspecified vulnerability in Rockwellautomation Micrologix 1400 B Firmware An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. | 7.5 |
| 2018-04-05 | CVE-2017-12088 | Improper Input Validation vulnerability in Rockwellautomation Micrologix 1400 B Firmware An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. | 7.5 |