Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-16 | CVE-2018-12453 | Incorrect Type Conversion or Cast vulnerability in Redislabs Redis: Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream. | 7.5 |
2018-06-16 | CVE-2018-12504 | Reachable Assertion vulnerability in Tinyexr Project Tinyexr 0.9.5: tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h. | 7.5 |
2018-06-16 | CVE-2018-9859 | Unspecified vulnerability in Navercorp Whale: The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. | 8.1 |
2018-06-16 | CVE-2018-6497 | Deserialization of Untrusted Data vulnerability in Microfocus CMS Server and Universal Cmbd Server: Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Server version DDM Content Pack V 10.20, 10.21, 10.22, 10.22 CUP7, 10.30, 10.31, 10.32, 10.33, 10.33 CUP2, 11.0 and CMS Server version 2018.05 BACKGROUND which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |
2018-06-16 | CVE-2018-6496 | Deserialization of Untrusted Data vulnerability in Microfocus Universal Cmbd Browser: Remote Cross-site Request forgery (CSRF) potential has been identified in UCMBD Browser version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15, 4.15.1 which could allow for remote unsafe deserialization and cross-site request forgery (CSRF). | 8.8 |
2018-06-16 | CVE-2018-5752 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite: The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses. | 8.8 |
2018-06-16 | CVE-2018-11222 | Improper Input Validation vulnerability in Artica Pandora FMS: Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | 7.5 |
2018-06-15 | CVE-2018-5863 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android: If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 7.8 |
2018-06-15 | CVE-2018-12492 | Improper Input Validation vulnerability in PHPok 4.9.032: PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | 7.5 |
2018-06-15 | CVE-2018-12035 | Out-of-bounds Write vulnerability in Virustotal Yara: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c. | 7.8 |