Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-09 | CVE-2018-1000025 | Incorrect Permission Assignment for Critical Resource vulnerability in Firebase Admin SDK for PHP Project Firebase Admin SDK for PHP Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air. | 8.1 |
| 2018-02-09 | CVE-2018-1000024 | The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. | 7.5 |
| 2018-02-09 | CVE-2018-1000019 | OS Command Injection vulnerability in Open-Emr Openemr 5.0.0 OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. | 8.8 |
| 2018-02-09 | CVE-2018-3607 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2018-3606 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2018-3605 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2018-3604 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2018-3603 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2018-3602 | SQL Injection vulnerability in Trendmicro Control Manager 6.0 An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. | 8.8 |
| 2018-02-09 | CVE-2015-1862 | Race Condition vulnerability in Abrt Project Abrt The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by root after a chroot into a user-specified directory in a namedspaced environment. | 7.0 |