Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-14 | CVE-2018-7032 | Injection vulnerability in Myrepos Project Myrepos webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack. | 7.5 |
| 2018-02-14 | CVE-2017-1499 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM products IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. | 8.8 |
| 2018-02-14 | CVE-2018-2395 | Unspecified vulnerability in SAP Internet Graphics Server Under certain conditions a malicious user may retrieve information on SAP Internet Graphic Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, overwrite existing image or corrupt other type of files. | 8.8 |
| 2018-02-14 | CVE-2018-2393 | XXE vulnerability in SAP Internet Graphics Server Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | 7.5 |
| 2018-02-14 | CVE-2018-2392 | XXE vulnerability in SAP Internet Graphics Server Under certain conditions SAP Internet Graphics Server (IGS) 7.20, 7.20EXT, 7.45, 7.49, 7.53, fails to validate XML External Entity appropriately causing the SAP Internet Graphics Server (IGS) to become unavailable. | 7.5 |
| 2018-02-14 | CVE-2018-2381 | Missing Authorization vulnerability in SAP ERP Financials Information System 2.0 SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16; SAP_FIN 6.17, 6.18, 7.00, 7.20, 7.30 S4CORE 1.00, 1.01, 1.02) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 |
| 2018-02-14 | CVE-2018-2376 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | 8.1 |
| 2018-02-14 | CVE-2018-2375 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve application environments within that space. | 8.1 |
| 2018-02-14 | CVE-2018-2373 | Unspecified vulnerability in SAP Hana Extended Application Services 1.0 Under certain circumstances, a specific endpoint of the Controller's API could be misused by unauthenticated users to execute SQL statements that deliver information about system configuration in SAP HANA Extended Application Services, 1.0. | 7.5 |
| 2018-02-13 | CVE-2018-6910 | Exposure of Resource to Wrong Sphere vulnerability in Dedecms 5.7 DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. | 7.5 |