Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-13 CVE-2018-7162 Improper Input Validation vulnerability in Nodejs Node.Js
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH.
network
low complexity
nodejs CWE-20
7.5
2018-06-13 CVE-2018-7161 Improper Input Validation vulnerability in Nodejs Node.Js
All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH.
network
low complexity
nodejs CWE-20
7.5
2018-06-13 CVE-2018-12321 Out-of-bounds Read vulnerability in Radare Radare2 2.6.0
There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.
local
low complexity
radare CWE-125
7.8
2018-06-13 CVE-2018-12320 Use After Free vulnerability in Radare Radare2 2.6.0
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.
local
low complexity
radare CWE-416
7.8
2018-06-13 CVE-2018-11806 Out-of-bounds Write vulnerability in multiple products
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
local
low complexity
qemu canonical redhat debian CWE-787
8.2
2018-06-13 CVE-2018-11406 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
low complexity
sensiolabs debian CWE-352
8.8
2018-06-13 CVE-2018-11385 Session Fixation vulnerability in multiple products
An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11.
network
high complexity
sensiolabs debian fedoraproject CWE-384
8.1
2018-06-13 CVE-2018-1431 Unspecified vulnerability in IBM General Parallel File System and Spectrum Scale
A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify files in the Spectrum Scale file system, and possibly to obtain administrator privileges on the node.
local
low complexity
ibm
7.8
2018-06-13 CVE-2018-12291 Unspecified vulnerability in Matrix Synapse
The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.
network
low complexity
matrix
7.5
2018-06-13 CVE-2018-12265 Integer Overflow or Wraparound vulnerability in multiple products
Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp.
network
low complexity
exiv2 debian canonical CWE-190
8.8