Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-05 CVE-2018-13300 Out-of-bounds Read vulnerability in multiple products
In FFmpeg 3.2 and 4.0.1, an improper argument (AVCodecParameters) passed to the avpriv_request_sample function in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array read while converting a crafted AVI file to MPEG4, leading to a denial of service and possibly an information disclosure.
network
low complexity
ffmpeg debian CWE-125
8.1
2018-07-05 CVE-2018-3766 Path Traversal vulnerability in Buttle Project Buttle
Path traversal in buttle module versions <= 0.2.0 allows an attacker to read any file on the server.
network
low complexity
buttle-project CWE-22
7.5
2018-07-05 CVE-2018-3761 Improper Authentication vulnerability in Nextcloud Server
Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper authentication on the OAuth2 token endpoint.
network
low complexity
nextcloud CWE-287
8.1
2018-07-05 CVE-2016-10522 Cross-Site Request Forgery (CSRF) vulnerability in Rails Admin Project Rails Admin
The rails_admin Ruby gem < v1.1.1 is vulnerable to cross-site request forgery (CSRF) attacks.
network
low complexity
rails-admin-project CWE-352
8.8
2018-07-05 CVE-2018-9185 Information Exposure vulnerability in Fortinet FortiOS
An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals a user's web portal login credentials in a JavaScript file sent to the client side when pages bookmarked in the web portal use the Single Sign-On feature.
network
high complexity
fortinet CWE-200
8.1
2018-07-05 CVE-2018-8038 Improper Input Validation vulnerability in Apache CXF Fediz
Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.
network
low complexity
apache CWE-20
7.5
2018-07-05 CVE-2018-10885 Improper Input Validation vulnerability in Red Hat OpenShift
In atomic-openshift before version 3.10.9, a malicious network-policy configuration can cause OpenShift Routing to crash when using the ovs-networkpolicy plugin.
network
low complexity
redhat CWE-20
7.5
2018-07-05 CVE-2017-16773 Incorrect Authorization vulnerability in Synology Universal Search
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode.
network
low complexity
synology CWE-863
8.8
2018-07-05 CVE-2018-13233 Integer Overflow or Wraparound vulnerability in GSI Project GSI
The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
network
low complexity
gsi-project CWE-190
7.5
2018-07-05 CVE-2018-13232 Integer Overflow or Wraparound vulnerability in Entercoin Project Entercoin
The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets.
network
low complexity
entercoin-project CWE-190
7.5