Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-06 | CVE-2018-5391 | Improper Input Validation vulnerability in multiple products. The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. | 7.5 |
2018-09-06 | CVE-2018-1000669 | Cross-Site Request Forgery (CSRF) vulnerability in Koha. KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl (parameters affected: borrowernumber, amount, amountoutstanding, paid) that can result in attackers marking payments as paid for certain users on behalf of administrators. | 8.8 |
2018-09-06 | CVE-2017-14026 | Improper Authentication vulnerability in Iceqube Thermal Management Center Firmware 3.18. In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users, which may allow an attacker to gain access to sensitive information. | 7.5 |
2018-09-06 | CVE-2018-1000660 | Incorrect Permission Assignment for Critical Resource vulnerability in Tockos Tock 1.0/1.1. TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. | 7.5 |
2018-09-06 | CVE-2018-1000659 | Path Traversal vulnerability in Limesurvey. LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in the file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. | 8.8 |
2018-09-06 | CVE-2018-1000658 | Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey. LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. | 8.8 |
2018-09-06 | CVE-2018-16604 | Code Injection vulnerability in Nibbleblog 4.0.5. An issue was discovered in Nibbleblog v4.0.5. | 7.2 |
2018-09-06 | CVE-2018-1000773 | Improper Input Validation vulnerability in Wordpress. WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. | 8.8 |
2018-09-06 | CVE-2018-16585 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. An issue was discovered in Artifex Ghostscript before 9.24. | 7.8 |
2018-09-06 | CVE-2018-14632 | Out-of-bounds Write vulnerability in multiple products. An out-of-bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. | 7.7 |