Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-12 CVE-2017-13228 Out-of-bounds Write vulnerability in Google Android
In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character.
network
low complexity
google CWE-787
8.8
2018-02-12 CVE-2016-9570 NULL Pointer Dereference vulnerability in Carbonblack Carbon Black 5.1.1.60603
cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe.
network
low complexity
carbonblack CWE-476
7.5
2018-02-12 CVE-2018-6926 OS Command Injection vulnerability in Misp 2.4.87
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands.
network
low complexity
misp CWE-78
7.2
2018-02-12 CVE-2016-8742 Permissions, Privileges, and Access Controls vulnerability in Apache Couchdb 2.0.0
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation.
local
low complexity
apache CWE-264
7.8
2018-02-12 CVE-2016-5397 Command Injection vulnerability in Apache Thrift
The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool.
network
low complexity
apache CWE-77
8.8
2018-02-12 CVE-2017-18179 Improper Authentication vulnerability in Progress Sitefinity 9.1
Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination.
network
low complexity
progress CWE-287
8.8
2018-02-12 CVE-2018-6889 Code Injection vulnerability in Typesettercms Typesetter 5.1
An issue was discovered in Typesetter 5.1.
network
low complexity
typesettercms CWE-94
8.8
2018-02-12 CVE-2018-6888 Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1
An issue was discovered in Typesetter 5.1.
network
low complexity
typesettercms CWE-352
8.0
2018-02-12 CVE-2018-6860 Unrestricted Upload of File with Dangerous Type vulnerability in Schools Alert Management Script Project Schools Alert Management Script 2.0.2
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture.
8.8
2018-02-09 CVE-2018-1000058 Deserialization of Untrusted Data vulnerability in Jenkins Pipeline Supporting Apis 2.15/2.16/2.17
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier has an arbitrary code execution vulnerability due to incomplete sandbox protection: methods related to Java deserialization, such as readResolve, implemented in Pipeline scripts were not subject to sandbox protection and could therefore execute arbitrary code.
network
low complexity
jenkins CWE-502
8.8