Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-05-14 | CVE-2018-0580 | Untrusted Search Path vulnerability in Celsys products | Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series (CLIP STUDIO PAINT (for Windows) EX/PRO/DEBUT Ver.1.7.3 and earlier, CLIP STUDIO ACTION (for Windows) Ver.1.5.5 and earlier, with its timestamp prior to April 25, 2018, 12:11:31, and CLIP STUDIO MODELER (for Windows) Ver.1.6.3 and earlier, with its timestamp prior to April 25, 2018, 17:02:49) allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | local, low complexity, celsys, CWE-426, 7.8 |
| 2018-05-14 | CVE-2018-0568 | Unrestricted Upload of File with Dangerous Type vulnerability in Sitebridge Joruri GW | Unrestricted file upload vulnerability in SiteBridge Inc. | network, low complexity, sitebridge, CWE-434, 8.8 |
| 2018-05-14 | CVE-2018-11035 | Improper Input Validation vulnerability in 2345.Cc Security Guard 3.7 | In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019. | local, low complexity, 2345-cc, CWE-20, 7.8 |
| 2018-05-14 | CVE-2018-11034 | Improper Input Validation vulnerability in 2345.Cc Security Guard 3.7 | In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D. | local, low complexity, 2345-cc, CWE-20, 7.8 |
| 2018-05-14 | CVE-2018-11033 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xpdfreader Xpdf 4.00 | The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data. | local, low complexity, xpdfreader, CWE-119, 7.8 |
| 2018-05-13 | CVE-2018-11018 | Cross-Site Request Forgery (CSRF) vulnerability in Pbootcms 1.0.7 | An issue was discovered in PbootCMS v1.0.7. | network, low complexity, pbootcms, CWE-352, 8.8 |
| 2018-05-13 | CVE-2018-11017 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libming | The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | network, low complexity, libming, CWE-119, 8.8 |
| 2018-05-12 | CVE-2018-11004 | Cross-Site Request Forgery (CSRF) vulnerability in Sdcms 1.5 | An issue was discovered in SDcms v1.5. | network, low complexity, sdcms, CWE-352, 8.8 |
| 2018-05-11 | CVE-2018-6619 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B | Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for attackers to crack database passwords by leveraging use of a weak hashing algorithm without a salt. | local, low complexity, ehcp, CWE-327, 7.8 |
| 2018-05-11 | CVE-2018-6618 | Insufficiently Protected Credentials vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B | Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to obtain sensitive information by leveraging cleartext password storage. | local, low complexity, ehcp, CWE-522, 7.8 |