Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-16 CVE-2018-11222 Improper Input Validation vulnerability in Artica Pandora FMS
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint.
network
low complexity
artica CWE-20
7.5
2018-06-15 CVE-2018-5863 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
local
low complexity
google CWE-119
7.8
2018-06-15 CVE-2018-12492 Improper Input Validation vulnerability in PHPok 4.9.032
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.
network
low complexity
phpok CWE-20
7.5
2018-06-15 CVE-2018-12035 Out-of-bounds Write vulnerability in Virustotal Yara
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.
local
low complexity
virustotal CWE-787
7.8
2018-06-15 CVE-2018-12034 Out-of-bounds Read vulnerability in Virustotal Yara
In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.
local
low complexity
virustotal CWE-125
7.8
2018-06-15 CVE-2018-5857 Use After Free vulnerability in Google Android
In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
local
low complexity
google CWE-416
7.8
2018-06-15 CVE-2018-5854 Out-of-bounds Write vulnerability in Google Android
A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel.
local
low complexity
google CWE-787
7.8
2018-06-15 CVE-2018-1460 Improper Privilege Management vulnerability in IBM Puredata System for Analytics 1.0.0
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root.
local
low complexity
ibm CWE-269
7.8
2018-06-15 CVE-2018-12457 Incorrect Permission Assignment for Critical Resource vulnerability in Expresscart Project Expresscart
expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header.
network
low complexity
expresscart-project CWE-732
8.8
2018-06-15 CVE-2018-12447 Integer Overflow or Wraparound vulnerability in Libbpg Project Libbpg 0.9.8
The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code execution.
network
low complexity
libbpg-project CWE-190
8.8