Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-11 CVE-2018-10893 Unspecified vulnerability in Spice Project Spice
Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames.
network
low complexity
spice-project
8.8
2018-09-11 CVE-2018-10853 Improper Privilege Management vulnerability in multiple products
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor.
local
low complexity
canonical debian linux CWE-269
7.8
2018-09-11 CVE-2016-7066 Permission Issues vulnerability in Redhat Jboss Enterprise Application Platform
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.
local
low complexity
redhat CWE-275
7.8
2018-09-11 CVE-2016-7070 Permissions, Privileges, and Access Controls vulnerability in Redhat Ansible Tower
A privilege escalation flaw was found in the Ansible Tower.
low complexity
redhat CWE-264
8.0
2018-09-11 CVE-2016-7069 Improper Input Validation vulnerability in Powerdns Dnsdist 1.2.0
An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend.
network
low complexity
powerdns CWE-20
7.5
2018-09-11 CVE-2016-7068 Resource Exhaustion vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded.
network
low complexity
powerdns debian CWE-400
7.5
2018-09-11 CVE-2016-0750 Deserialization of Untrusted Data vulnerability in Infinispan
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events.
network
low complexity
infinispan CWE-502
8.8
2018-09-11 CVE-2018-1571 Unspecified vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system.
network
low complexity
ibm
8.8
2018-09-11 CVE-2018-16807 Missing Release of Resource after Effective Lifetime vulnerability in BRO
In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser.
network
low complexity
bro CWE-772
7.5
2018-09-10 CVE-2018-11775 Improper Certificate Validation vulnerability in multiple products
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server.
network
high complexity
apache oracle CWE-295
7.4