Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-12 CVE-2017-15842 Use After Free vulnerability in Google Android
Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
local
low complexity
google CWE-416
7.8
2018-06-12 CVE-2018-12254 SQL Injection vulnerability in Harmistechnology EK Rishta 2.10
router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI.
network
low complexity
harmistechnology CWE-89
8.8
2018-06-12 CVE-2018-10509 Unspecified vulnerability in Trendmicro Officescan 11.0/Xg
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to exploit it via a Browser Refresh attack on vulnerable installations.
network
low complexity
trendmicro
8.8
2018-06-12 CVE-2018-10508 Unspecified vulnerability in Trendmicro Officescan 11.0/Xg
A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an attacker to use a specially crafted URL to elevate account permissions on vulnerable installations.
network
low complexity
trendmicro
8.8
2018-06-12 CVE-2018-5814 Race Condition vulnerability in multiple products
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
local
high complexity
linux debian canonical CWE-362
7.0
2018-06-12 CVE-2018-5718 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Safensoft products
Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite before version 4.4.1 allows local users to cause a denial of service (BSOD) or modify kernel-mode memory via loading of a forged DLL into a user-mode process.
local
low complexity
safensoft CWE-119
7.1
2018-06-12 CVE-2018-2424 Improper Input Validation vulnerability in SAP products
SAP UI5 did not validate user input before adding it to the DOM structure.
network
low complexity
sap CWE-20
7.5
2018-06-12 CVE-2011-4182 Improper Input Validation vulnerability in Opensuse Sysconfig
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to execute arbitrary code.
network
high complexity
opensuse CWE-20
8.1
2018-06-12 CVE-2018-12249 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in mruby 1.4.1.
network
low complexity
mruby debian CWE-476
7.5
2018-06-12 CVE-2018-12248 Out-of-bounds Read vulnerability in Mruby 1.4.1
An issue was discovered in mruby 1.4.1.
network
low complexity
mruby CWE-125
7.5