Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-28 | CVE-2018-11516 | Use After Free vulnerability in Videolan VLC Media Player 3.0.0/3.0.1. The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | 8.8 |
2018-05-28 | CVE-2018-11514 | Unrestricted Upload of File with Dangerous Type vulnerability in Naukri Clone Script Project Naukri Clone Script 3.0.3. PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | 8.8 |
2018-05-28 | CVE-2018-11506 | Out-of-bounds Write vulnerability in multiple products. The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. | 7.8 |
2018-05-26 | CVE-2018-11505 | Information Exposure vulnerability in Werewolf Online Project Werewolf Online 0.8.8. The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. | 7.5 |
2018-05-26 | CVE-2018-11501 | Cross-site Scripting vulnerability in Website Seller Script Project Website Seller Script 2.0.3. PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. | 8.8 |
2018-05-26 | CVE-2018-11500 | Cross-Site Request Forgery (CSRF) vulnerability in Publiccms 4.0.20180210. An issue was discovered in PublicCMS V4.0.20180210. | 8.8 |
2018-05-26 | CVE-2018-11498 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lizard Project Lizard and LZ5. In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). | 7.8 |
2018-05-26 | CVE-2018-11494 | Unrestricted Upload of File with Dangerous Type vulnerability in Opencart. The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. | 8.0 |
2018-05-26 | CVE-2018-11493 | Cross-Site Request Forgery (CSRF) vulnerability in Wuzhicms Wuzhi CMS 4.1.0. An issue was discovered in WUZHI CMS 4.1.0. | 8.8 |
2018-05-26 | CVE-2018-11490 | Improper Validation of Array Index vulnerability in multiple products. The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. | 8.8 |