Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-19 | CVE-2018-12293 | Integer Overflow or Wraparound vulnerability in multiple products The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which could be abused by crafted HTML content. | 8.8 |
| 2018-06-19 | CVE-2018-11726 | Out-of-bounds Write vulnerability in Libmobi Project Libmobi 0.3 The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. | 8.8 |
| 2018-06-19 | CVE-2018-11724 | Out-of-bounds Read vulnerability in Libmobi Project Libmobi 0.3 The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. | 8.8 |
| 2018-06-19 | CVE-2018-11116 | Incorrect Permission Assignment for Critical Resource vulnerability in Openwrt OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. | 8.8 |
| 2018-06-19 | CVE-2018-10945 | NULL Pointer Dereference vulnerability in Cesanta Mongoose 6.11 The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function. | 7.5 |
| 2018-06-19 | CVE-2018-10811 | Missing Initialization of Resource vulnerability in multiple products strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. | 7.5 |
| 2018-06-19 | CVE-2018-8727 | Path Traversal vulnerability in Mirasys Dvms Workstation 5.12.6 Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver. | 7.5 |
| 2018-06-19 | CVE-2018-11526 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Webtoffee Wordpress Comments Import and Export The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | 7.8 |
| 2018-06-19 | CVE-2018-11525 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Algolplus Advanced Order Export for Woocommerce The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. | 7.8 |
| 2018-06-19 | CVE-2018-12582 | Cross-Site Request Forgery (CSRF) vulnerability in Akcms Project Akcms 6.1 An issue was discovered in AKCMS 6.1. | 8.8 |