Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-20 CVE-2017-16744 Path Traversal vulnerability in Tridium Niagara and Niagara AX Framework
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform (administrator) credentials.
network
low complexity
tridium CWE-22
7.2
2018-08-20 CVE-2016-7048 Improper Access Control vulnerability in Postgresql
The interactive installer in PostgreSQL before 9.3.15, 9.4.x before 9.4.10, and 9.5.x before 9.5.5 might allow remote attackers to execute arbitrary code by leveraging use of HTTP to download software.
network
high complexity
postgresql CWE-284
8.1
2018-08-20 CVE-2018-14079 Information Exposure vulnerability in Wi2Be Smart HP WMT R1.2.20201400922
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp.
network
low complexity
wi2be CWE-200
7.5
2018-08-20 CVE-2018-14077 Unspecified vulnerability in Wi2Be Smart HP WMT R1.2.20201400922
Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg.
network
low complexity
wi2be
7.5
2018-08-20 CVE-2018-1000224 Missing Initialization of Resource vulnerability in Godotengine Godot
Godot Engine version All versions prior to 2.1.5, all 3.0 versions prior to 3.0.6.
network
low complexity
godotengine CWE-909
7.5
2018-08-20 CVE-2018-1000223 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Surina Soundtouch
soundtouch version up to and including 2.0.0 contains a Buffer Overflow vulnerability in SoundStretch/WavFile.cpp:WavInFile::readHeaderBlock() that can result in arbitrary code execution.
network
low complexity
surina CWE-119
8.8
2018-08-20 CVE-2018-1000222 Double Free vulnerability in multiple products
Libgd version 2.2.5 contains a Double Free vulnerability in the gdImageBmpPtr function that can result in Remote Code Execution.
network
low complexity
libgd canonical debian CWE-415
8.8
2018-08-20 CVE-2018-1000216 Double Free vulnerability in Cjson Project Cjson
Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in a possible crash or RCE.
network
low complexity
cjson-project CWE-415
8.8
2018-08-20 CVE-2018-1000215 Missing Release of Resource after Effective Lifetime vulnerability in Cjson Project Cjson
Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS).
network
low complexity
cjson-project CWE-772
7.5
2018-08-20 CVE-2018-1000657 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Rust-Lang Rust
Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no proof-of-concept exploit is currently published.
local
low complexity
rust-lang CWE-119
7.8