Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-15 | CVE-2018-12034 | Out-of-bounds Read vulnerability in Virustotal Yara: In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. | 7.8 |
2018-06-15 | CVE-2018-5857 | Use After Free vulnerability in Google Android: In the WCD CPE codec, a Use After Free condition can occur in all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 7.8 |
2018-06-15 | CVE-2018-5854 | Out-of-bounds Write vulnerability in Google Android: A stack-based buffer overflow can occur in fastboot from all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | 7.8 |
2018-06-15 | CVE-2018-1460 | Improper Privilege Management vulnerability in IBM Puredata System for Analytics 1.0.0: IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. | 7.8 |
2018-06-15 | CVE-2018-12457 | Incorrect Permission Assignment for Critical Resource vulnerability in Expresscart Project Expresscart: expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. | 8.8 |
2018-06-15 | CVE-2018-12447 | Integer Overflow or Wraparound vulnerability in Libbpg Project Libbpg 0.9.8: The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution. | 8.8 |
2018-06-14 | CVE-2018-6516 | Unspecified vulnerability in Puppet Enterprise Client Tools 16.4.0/17.3.0/18.1.0: On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation. | 7.8 |
2018-06-14 | CVE-2018-12423 | Unspecified vulnerability in Matrix Synapse: In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force. | 7.5 |
2018-06-14 | CVE-2018-12420 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Icehrm: IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request. | 7.5 |
2018-06-14 | CVE-2018-8819 | XXE vulnerability in Carrier Automatedlogic Webctrl 6.0/6.1/6.5: An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. | 7.5 |