Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-06 CVE-2018-1000658 Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell.
network
low complexity
limesurvey CWE-434
8.8
8.8
2018-09-06 CVE-2018-16604 Code Injection vulnerability in Nibbleblog 4.0.5
An issue was discovered in Nibbleblog v4.0.5.
network
low complexity
nibbleblog CWE-94
7.2
7.2
2018-09-06 CVE-2018-1000773 Improper Input Validation vulnerability in Wordpress
WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600.
network
low complexity
wordpress CWE-20
8.8
8.8
2018-09-06 CVE-2018-16585 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An issue was discovered in Artifex Ghostscript before 9.24.
local
low complexity
artifex canonical debian CWE-119
7.8
7.8
2018-09-06 CVE-2018-14632 Out-of-bounds Write vulnerability in multiple products
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7.
network
low complexity
redhat starcounter-jack CWE-787
7.7
7.7
2018-09-06 CVE-2018-14624 A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16.
network
low complexity
fedoraproject redhat debian
7.5
7.5
2018-09-06 CVE-2018-11263 Improper Validation of Array Index vulnerability in Google Android
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW.
low complexity
google CWE-129
8.8
8.8
2018-09-06 CVE-2017-1000600 Improper Input Validation vulnerability in Wordpress
WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution.
network
low complexity
wordpress CWE-20
8.8
8.8
2018-09-05 CVE-2018-16552 Cross-Site Request Forgery (CSRF) vulnerability in Micropyramid Django CRM 0.2
MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs.
network
low complexity
micropyramid CWE-352
8.8
8.8
2018-09-05 CVE-2018-16307 Information Exposure vulnerability in MI Xiaomi Miwifi Xiaomi 55Dd Firmware 2.8.50
An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices.
network
low complexity
mi CWE-200
7.5
7.5