Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-06 CVE-2018-1265 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers.
network
low complexity
pivotal-software cloudfoundry CWE-434
7.2
2018-06-06 CVE-2017-7906 Cross-Site Request Forgery (CSRF) vulnerability in ABB IP Gateway Firmware 3.39
In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently verify that a request was performed by the authenticated user, which may allow an attacker to launch a request impersonating that user.
network
low complexity
abb CWE-352
8.8
2018-06-06 CVE-2018-1000203 Unspecified vulnerability in Soarlabs Soarcoin 4A2Aa71Ee21014E2880A3F7Aad11091Ed6Ad434F
Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function zero_fee_transaction() that can result in theft of Soar Coins by the "onlycentralAccount" (Soar Labs) after payment is processed.
network
low complexity
soarlabs
7.5
2018-06-06 CVE-2018-1456 XXE vulnerability in IBM products
IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data.
network
low complexity
ibm CWE-611
7.1
2018-06-06 CVE-2018-11813 Excessive Iteration vulnerability in IJG Libjpeg 9C
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF.
network
low complexity
ijg CWE-834
7.5
2018-06-05 CVE-2018-7884 Untrusted Search Path vulnerability in Displaylink Core Software Cleaner 8.2.1956
An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956.
local
low complexity
displaylink CWE-426
7.8
2018-06-05 CVE-2018-10058 Out-of-bounds Write vulnerability in multiple products
The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers.
network
low complexity
cgminer-project bfgminer CWE-787
8.8
2018-06-05 CVE-2018-1000197 Incorrect Authorization vulnerability in Jenkins Black Duck HUB
An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration.
network
low complexity
jenkins CWE-863
8.1
2018-06-05 CVE-2018-1000194 Path Traversal vulnerability in multiple products
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection.
network
low complexity
jenkins oracle CWE-22
8.1
2018-06-05 CVE-2017-7635 Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server
QNAP NAS application Proxy Server through version 1.2.0 does not utilize CSRF protections.
network
low complexity
qnap CWE-352
8.8