Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-01 | CVE-2018-7589 | Double Free vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 7.8 |
| 2018-03-01 | CVE-2018-7588 | Out-of-bounds Read vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 7.8 |
| 2018-03-01 | CVE-2018-7587 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cimg .220 An issue was discovered in CImg v.220. | 7.8 |
| 2018-03-01 | CVE-2018-7586 | Path Traversal vulnerability in Imagely Nextgen Gallery In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery paths are not secured. | 7.5 |
| 2018-03-01 | CVE-2017-15134 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. | 7.5 |
| 2018-03-01 | CVE-2018-7048 | Resource Exhaustion vulnerability in Wowza Streaming Engine An issue was discovered in Wowza Streaming Engine before 4.7.1. | 7.5 |
| 2018-03-01 | CVE-2017-18209 | NULL Pointer Dereference vulnerability in multiple products In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ImageMagick 7.0.7, a NULL pointer dereference vulnerability occurs because a memory allocation result is not checked, related to GetOpenCLCacheDirectory. | 8.8 |
| 2018-03-01 | CVE-2017-9286 | Unspecified vulnerability in Opensuse Leap 42.3 The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade. | 8.8 |
| 2018-03-01 | CVE-2017-9274 | OS Command Injection vulnerability in Opensuse Obs-Service-Source Validator A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs. | 7.8 |
| 2018-03-01 | CVE-2017-7436 | Improper Input Validation vulnerability in Opensuse Libzypp In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system. | 8.1 |