Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-08 | CVE-2018-10380 | Link Following vulnerability in multiple products kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | 7.8 |
| 2018-05-08 | CVE-2018-10809 | Improper Input Validation vulnerability in 2345 Security Guard Project 2345 Security Guard 3.7 In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. | 7.8 |
| 2018-05-08 | CVE-2018-10796 | Improper Input Validation vulnerability in 2345 Security Guard Project 2345 Security Guard 3.7 In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222014. | 7.8 |
| 2018-05-07 | CVE-2018-1256 | Unspecified vulnerability in VMWare Spring Cloud SSO Connector 2.1.2 Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. | 8.1 |
| 2018-05-07 | CVE-2018-10795 | Unrestricted Upload of File with Dangerous Type vulnerability in Liferay Portal Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. | 8.8 |
| 2018-05-07 | CVE-2018-10778 | Out-of-bounds Read vulnerability in Mp3Gain Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409. | 7.8 |
| 2018-05-07 | CVE-2018-10777 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mp3Gain Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 7.8 |
| 2018-05-07 | CVE-2018-10776 | Improper Input Validation vulnerability in Mp3Gain The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact. | 7.8 |
| 2018-05-04 | CVE-2018-9154 | Improper Input Validation vulnerability in Jasper Project Jasper 2.0.14 There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. | 7.5 |
| 2018-05-04 | CVE-2017-15043 | Improper Input Validation vulnerability in Sierrawireless products A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. | 8.8 |