Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-09 | CVE-2018-3607 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2018-3606 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2018-3605 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2018-3604 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2018-3603 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2018-3602 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2015-1862 | Race Condition vulnerability in Abrt Project Abrt The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment. | 7.0 |
| 2018-02-09 | CVE-2014-3219 | Link Following vulnerability in multiple products fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | 7.8 |
| 2018-02-09 | CVE-2018-6508 | Use of Externally-Controlled Format String vulnerability in Puppet Enterprise 2017.3.0/2017.3.1/2017.3.2 Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. | 8.0 |
| 2018-02-09 | CVE-2018-1307 | XXE vulnerability in Apache Juddi In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. | 8.1 |