Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-26 | CVE-2017-12375 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
2018-01-26 | CVE-2017-12374 | Use After Free vulnerability in multiple products. The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.5 |
2018-01-26 | CVE-2017-3768 | Resource Exhaustion vulnerability in multiple products. An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x). | 7.5 |
2018-01-26 | CVE-2017-18076 | In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. | 7.5 |
2018-01-26 | CVE-2018-0507 | Untrusted Search Path vulnerability in Ntt-East products. Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
2018-01-26 | CVE-2018-6323 | Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1. The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used. | 7.8 |
2018-01-26 | CVE-2017-14593 | Command Injection vulnerability in Atlassian Sourcetree. Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. | 8.8 |
2018-01-26 | CVE-2017-14592 | Command Injection vulnerability in Atlassian Sourcetree. Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. | 8.8 |
2018-01-26 | CVE-2017-1000403 | Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins Speaks! 0.1/0.1.1. Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts. | 8.8 |
2018-01-26 | CVE-2017-1000394 | Improper Input Validation vulnerability in Jenkins. Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. | 7.5 |