Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-04 | CVE-2017-13276 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android. In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. | 7.8 |
2018-04-04 | CVE-2018-9205 | Path Traversal vulnerability in Drupal Avatar Uploader 7.X1.0. Vulnerability in avatar_uploader v7.x-1.0-beta8. The code in view.php doesn't verify users or sanitize the file path. | 7.5 |
2018-04-04 | CVE-2018-6919 | Information Exposure vulnerability in FreeBSD. In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. | 7.5 |
2018-04-04 | CVE-2018-6918 | Infinite Loop vulnerability in FreeBSD. In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. | 7.5 |
2018-04-04 | CVE-2018-6917 | Integer Overflow or Wraparound vulnerability in FreeBSD. In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. | 7.5 |
2018-04-04 | CVE-2017-3965 | Cross-Site Request Forgery (CSRF) vulnerability in McAfee Network Security Manager. Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to perform unauthorized tasks such as retrieving internal system information or manipulating the database via specially crafted URLs. | 8.8 |
2018-04-04 | CVE-2017-18096 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Application Links. The OAuth status rest resource in Atlassian Application Links before version 5.2.7, from 5.3.0 before 5.3.4 and from 5.4.0 before 5.4.3 allows remote attackers with administrative rights to access the content of internal network resources via a Server Side Request Forgery (SSRF) by creating an OAuth application link to a location they control and then redirecting access from the linked location's OAuth status rest resource to an internal location. | 7.2 |
2018-04-04 | CVE-2018-9274 | Missing Release of Resource after Effective Lifetime vulnerability in Wireshark. In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. | 7.5 |
2018-04-04 | CVE-2018-9273 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products. In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. | 7.5 |
2018-04-04 | CVE-2018-9272 | Missing Release of Resource after Effective Lifetime vulnerability in Wireshark. In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. | 7.5 |