Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-06 | CVE-2018-1000773 | Improper Input Validation vulnerability in WordPress: WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. | 8.8 |
2018-09-06 | CVE-2018-16585 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products: An issue was discovered in Artifex Ghostscript before 9.24. | 7.8 |
2018-09-06 | CVE-2018-14632 | Out-of-bounds Write vulnerability in multiple products: An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. | 7.7 |
2018-09-06 | CVE-2018-14624 | A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. | 7.5 |
2018-09-06 | CVE-2018-11263 | Improper Validation of Array Index vulnerability in Google Android: In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. | 8.8 |
2018-09-06 | CVE-2017-1000600 | Improper Input Validation vulnerability in WordPress: WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. | 8.8 |
2018-09-05 | CVE-2018-16552 | Cross-Site Request Forgery (CSRF) vulnerability in Micropyramid Django CRM 0.2: MicroPyramid Django-CRM 0.2 allows CSRF for /users/create/, /users/##/edit/, and /accounts/##/delete/ URIs. | 8.8 |
2018-09-05 | CVE-2018-16307 | Information Exposure vulnerability in MI Xiaomi Miwifi Xiaomi 55Dd Firmware 2.8.50: An "Out-of-band resource load" issue was discovered on Xiaomi MIWiFi Xiaomi_55DD Version 2.8.50 devices. | 7.5 |
2018-09-05 | CVE-2018-16146 | OS Command Injection vulnerability in Opsview 5.4.0/5.4.1: The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. | 7.2 |
2018-09-05 | CVE-2018-16145 | Incorrect Permission Assignment for Critical Resource vulnerability in Opsview: The /etc/init.d/opsview-reporting-module script that runs at boot time in Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 invokes a file that can be edited by the nagios user, and would allow attackers to elevate their privileges to root after a system restart, hence obtaining full control of the appliance. | 8.1 |