Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-09 | CVE-2018-10831 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Zclassic Z-Nomp Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,...,x512=1} to bypass this verifier for any blockheader. | 7.5 |
| 2018-05-09 | CVE-2018-10827 | Resource Exhaustion vulnerability in Litecart LiteCart before 2.1.2 allows remote attackers to cause a denial of service (memory consumption) via URIs that do not exist, because public_html/logs/not_found.log grows without bound, and is loaded into memory for each request. | 7.5 |
| 2018-05-09 | CVE-2018-10705 | Unspecified vulnerability in Auroradao Aura The Owned smart contract implementation for Aurora DAO (AURA), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. | 7.5 |
| 2018-05-08 | CVE-2015-1503 | Path Traversal vulnerability in Icewarp Mail Server Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. | 7.5 |
| 2018-05-08 | CVE-2018-8897 | Race Condition vulnerability in multiple products A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. | 7.8 |
| 2018-05-08 | CVE-2017-2594 | Path Traversal vulnerability in Hawt Hawtio hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. | 7.5 |
| 2018-05-08 | CVE-2018-1000179 | NULL Pointer Dereference vulnerability in multiple products A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause a denial of service. | 7.5 |
| 2018-05-08 | CVE-2018-1000168 | NULL Pointer Dereference vulnerability in multiple products nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. | 7.5 |
| 2018-05-08 | CVE-2018-1247 | XXE vulnerability in RSA Authentication Manager RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. | 7.1 |
| 2018-05-08 | CVE-2018-1239 | OS Command Injection vulnerability in Dell products Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. | 7.2 |