Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-11 | CVE-2017-3200 | Deserialization of Untrusted Data vulnerability in Graniteds 3.1.1: The Java implementation of AMF3 deserializers used in GraniteDS, version 3.1.1.G, may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. | 8.1 |
2018-06-11 | CVE-2017-3199 | Deserialization of Untrusted Data vulnerability in Graniteds 3.1.1: The AMF3 deserializers in the Java implementation of GraniteDS, version 3.1.1.GA, derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. | 8.1 |
2018-06-11 | CVE-2011-4181 | Improper Input Validation vulnerability in Opensuse Open Build Service: A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. | 7.5 |
2018-06-11 | CVE-2018-12112 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Md4C Project Md4C 0.2.6: md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file. | 7.8 |
2018-06-11 | CVE-2018-12110 | SQL Injection vulnerability in Portfoliocms Project Portfoliocms 1.0.5: portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter. | 7.2 |
2018-06-11 | CVE-2018-12109 | Out-of-bounds Write vulnerability in Flif 0.3: An issue was discovered in Free Lossless Image Format (FLIF) 0.3. | 7.8 |
2018-06-11 | CVE-2018-12093 | Missing Release of Resource after Effective Lifetime vulnerability in Tinyexr Project Tinyexr 0.9.5: tinyexr 0.9.5 has a memory leak in ParseEXRHeaderFromMemory in tinyexr.h. | 7.5 |
2018-06-11 | CVE-2018-12089 | Information Exposure vulnerability in Octopus Server: In Octopus Deploy version 2018.5.1 to 2018.5.7, a user with Task View is able to view a password for a Service Fabric Cluster, when the Service Fabric Cluster target is configured in Azure Active Directory security mode and a deployment is executed with OctopusPrintVariables set to True. | 7.5 |
2018-06-11 | CVE-2018-12025 | Integer Underflow (Wrap or Wraparound) vulnerability in Futurxe: The transferFrom function of a smart contract implementation for FuturXE (FXE), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized transfer of digital assets because of a logic error. | 7.5 |
2018-06-10 | CVE-2018-12088 | Improper Input Validation vulnerability in S3Ql Project S3Ql: S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. | 7.5 |