Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-27 CVE-2018-4888 Use After Free vulnerability in Adobe products
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions.
network
low complexity
adobe CWE-416
8.8
2018-02-26 CVE-2018-7490 Path Traversal vulnerability in multiple products
uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, allowing directory traversal.
network
low complexity
unbit debian CWE-22
7.5
2018-02-26 CVE-2017-11635 Information Exposure vulnerability in - Wireless IP Camera 360
An issue was discovered on Wireless IP Camera 360 devices.
network
low complexity
CWE-200
7.5
2018-02-26 CVE-2017-11633 Unspecified vulnerability in - Wireless IP Camera 360
An issue was discovered on Wireless IP Camera 360 devices.
network
low complexity
7.5
2018-02-26 CVE-2018-7249 Use After Free vulnerability in multiple products
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc.
local
high complexity
microsoft tivo CWE-416
7.0
2018-02-26 CVE-2018-7491 Improper Restriction of Rendered UI Layers or Frames vulnerability in Prestashop
In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values.
network
low complexity
prestashop CWE-1021
7.5
2018-02-26 CVE-2018-7448 OS Command Injection vulnerability in Cmsmadesimple CMS Made Simple 2.1.6
Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure.
network
high complexity
cmsmadesimple CWE-78
7.5
2018-02-26 CVE-2018-7487 Out-of-bounds Write vulnerability in multiple products
There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp in sam2p 0.49.4.
local
low complexity
sam2p-project debian CWE-787
7.8
2018-02-26 CVE-2018-7486 Path Traversal vulnerability in Blueriver Muracms
Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code.
network
low complexity
blueriver CWE-22
7.2
2018-02-26 CVE-2018-1377 Insufficiently Protected Credentials vulnerability in IBM Security Guardium BIG Data Intelligence 3.1
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user credentials in plain in clear text which can be read by a local user.
local
low complexity
ibm CWE-522
7.8