Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-09 | CVE-2014-3219 | Link Following vulnerability in multiple products fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER. | 7.8 |
| 2018-02-09 | CVE-2018-6508 | Use of Externally-Controlled Format String vulnerability in Puppet Enterprise 2017.3.0/2017.3.1/2017.3.2 Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. | 8.0 |
| 2018-02-09 | CVE-2018-1307 | XXE vulnerability in Apache Juddi In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are little protections present against entity expansion and DTD type of attacks. | 8.1 |
| 2018-02-09 | CVE-2018-6827 | Improper Certificate Validation vulnerability in Omninova Vobot Firmware VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option. | 8.1 |
| 2018-02-09 | CVE-2018-6826 | Unspecified vulnerability in Omninova Vobot Firmware An issue was discovered on VOBOT CLOCK before 0.99.30 devices. | 7.5 |
| 2018-02-09 | CVE-2018-1053 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. | 7.0 |
| 2018-02-09 | CVE-2016-10712 | Improper Input Validation vulnerability in multiple products In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). | 7.5 |
| 2018-02-08 | CVE-2018-6644 | NULL Pointer Dereference vulnerability in Sblim Project Small Footprint CIM Broker 1.4.9 SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) vulnerability via a crafted POST request to the /cimom URI. | 7.5 |
| 2018-02-08 | CVE-2017-15914 | Unspecified vulnerability in Borgbackup Borg 1.1.0/1.1.1/1.1.2 Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3. | 8.8 |
| 2018-02-08 | CVE-2014-8985 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2810, CVE-2014-2811, CVE-2014-2822, CVE-2014-2823, CVE-2014-4057, and CVE-2014-4145. | 7.5 |