Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-30 CVE-2018-11481 Improper Input Validation vulnerability in Tp-Link products
TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua does not block various punctuation characters.
network
low complexity
tp-link CWE-20
8.8
2018-05-30 CVE-2018-11478 Improper Authentication vulnerability in Vgate Icar 2 Wi-Fi Obd2 Firmware
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices.
low complexity
vgate CWE-287
8.8
2018-05-30 CVE-2018-11476 Missing Authentication for Critical Function vulnerability in Vgate Icar 2 Wi-Fi Obd2 Firmware
An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices.
low complexity
vgate CWE-306
8.8
2018-05-30 CVE-2015-7610 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.
network
low complexity
zimbra synacor CWE-352
8.8
2018-05-30 CVE-2018-11518 Improper Input Validation vulnerability in Hcltech Legacy IVR Firmware
A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP.
network
high complexity
hcltech CWE-20
8.1
2018-05-30 CVE-2018-11438 Out-of-bounds Write vulnerability in Libmobi Project Libmobi 0.3
The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file.
network
low complexity
libmobi-project CWE-787
8.8
2018-05-30 CVE-2018-11556 Out-of-bounds Write vulnerability in Littlecms Little CMS 2.9
tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file.
local
low complexity
littlecms CWE-787
7.8
2018-05-30 CVE-2018-11555 Out-of-bounds Write vulnerability in Littlecms Little CMS 2.9
tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file.
local
low complexity
littlecms CWE-787
7.8
2018-05-30 CVE-2018-11235 Path Traversal vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur.
7.8
2018-05-30 CVE-2018-11233 Out-of-bounds Read vulnerability in multiple products
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
network
low complexity
canonical git-scm CWE-125
7.5