Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-10 CVE-2018-16797 Out-of-bounds Write vulnerability in Kakaocorp Potplayer 1.7.8556
A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small Data_Chunk_Size value.
local
low complexity
kakaocorp CWE-787
7.8
2018-09-10 CVE-2018-16608 Authorization Bypass Through User-Controlled Key vulnerability in Monstra 3.0.4
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via admin/index.php?id=users&action=edit&user_id=1, an Insecure Direct Object Reference (IDOR).
network
low complexity
monstra CWE-639
8.8
2018-09-10 CVE-2018-15886 Code Injection vulnerability in Monstra 3.0.4
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a <?php substring.
network
low complexity
monstra CWE-94
7.2
2018-09-10 CVE-2018-14625 A flaw was found in the Linux kernel where an attacker may be able to have an uncontrolled read of kernel memory from within a VM guest.
local
high complexity
linux canonical debian
7.0
2018-09-10 CVE-2018-16790 Out-of-bounds Read vulnerability in Mongodb Libbson 1.12.0
_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer.
network
low complexity
mongodb CWE-125
8.1
2018-09-10 CVE-2018-16782 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Entropymine Imageworsener 1.3.2
libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c.
network
low complexity
entropymine CWE-119
8.8
2018-09-10 CVE-2018-16774 Path Traversal vulnerability in Hongcms Project Hongcms 3.0.0
HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete.
network
low complexity
hongcms-project CWE-22
7.5
2018-09-10 CVE-2018-16770 Unspecified vulnerability in Webassembly Virtual Machine Project Webassembly Virtual Machine
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails.
network
low complexity
webassembly-virtual-machine-project
8.8
2018-09-10 CVE-2018-16769 Unspecified vulnerability in Webassembly Virtual Machine Project Webassembly Virtual Machine
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled.
network
low complexity
webassembly-virtual-machine-project
8.8
2018-09-10 CVE-2018-16768 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Webassembly Virtual Machine Project Webassembly Virtual Machine
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end.
8.8