Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-23 CVE-2018-7441 Race Condition vulnerability in Leptonica
Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.
local
high complexity
leptonica CWE-362
7.0
7.0
2018-02-23 CVE-2018-7439 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in FreeXL before 1.0.5.
network
low complexity
freexl-project debian CWE-125
8.8
8.8
2018-02-23 CVE-2018-7438 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in FreeXL before 1.0.5.
network
low complexity
freexl-project debian CWE-125
8.8
8.8
2018-02-23 CVE-2018-7437 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in FreeXL before 1.0.5.
network
low complexity
freexl-project debian CWE-125
8.8
8.8
2018-02-23 CVE-2018-7436 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in FreeXL before 1.0.5.
network
low complexity
freexl-project debian CWE-125
8.8
8.8
2018-02-23 CVE-2018-7435 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in FreeXL before 1.0.5.
network
low complexity
freexl-project debian CWE-125
8.8
8.8
2018-02-23 CVE-2018-6764 Origin Validation Error vulnerability in multiple products
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
local
low complexity
redhat debian canonical CWE-346
7.8
7.8
2018-02-23 CVE-2018-0520 Cross-Site Request Forgery (CSRF) vulnerability in FSI Fs010W Firmware 1.3.0
Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.
network
low complexity
fsi CWE-352
8.8
8.8
2018-02-23 CVE-2018-7339 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mp4V2 Project Mp4V2
The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles Entry Number validation for the MP4 Table Property, which allows remote attackers to cause a denial of service (overflow, insufficient memory allocation, and segmentation fault) or possibly have unspecified other impact via a crafted mp4 file.
network
low complexity
mp4v2-project CWE-119
8.8
8.8
2018-02-22 CVE-2018-0015 Missing Authorization vulnerability in Juniper Appformix
A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege.
network
high complexity
juniper CWE-862
7.5
7.5