Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-05 | CVE-2018-13300 | Out-of-bounds Read vulnerability in multiple products In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure. | 8.1 |
| 2018-07-05 | CVE-2018-3766 | Path Traversal vulnerability in Buttle Project Buttle Path traversal in buttle module versions <= 0.2.0 allows to read any file in the server. | 7.5 |
| 2018-07-05 | CVE-2018-3761 | Improper Authentication vulnerability in Nextcloud Server Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. | 8.1 |
| 2018-07-05 | CVE-2016-10522 | Cross-Site Request Forgery (CSRF) vulnerability in Rails Admin Project Rails Admin rails_admin ruby gem <v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks. | 8.8 |
| 2018-07-05 | CVE-2018-9185 | Information Exposure vulnerability in Fortinet Fortios An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature. | 8.1 |
| 2018-07-05 | CVE-2018-8038 | Improper Input Validation vulnerability in Apache CXF Fediz Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. | 7.5 |
| 2018-07-05 | CVE-2018-10885 | Improper Input Validation vulnerability in Redhat Openshift In atomic-openshift before version 3.10.9 a malicious network-policy configuration can cause Openshift Routing to crash when using ovs-networkpolicy plugin. | 7.5 |
| 2018-07-05 | CVE-2017-16773 | Incorrect Authorization vulnerability in Synology Universal Search Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. | 8.8 |
| 2018-07-05 | CVE-2018-13233 | Integer Overflow or Wraparound vulnerability in GSI Project GSI The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 7.5 |
| 2018-07-05 | CVE-2018-13232 | Integer Overflow or Wraparound vulnerability in Entercoin Project Entercoin The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | 7.5 |