Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-25 | CVE-2018-6203 | Improper Input Validation vulnerability in Escanav Anti-Virus 14.0.1400.2029 In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300210C. | 7.8 |
| 2018-01-25 | CVE-2018-6202 | Improper Input Validation vulnerability in Escanav Anti-Virus 14.0.1400.2029 In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020F8. | 7.8 |
| 2018-01-25 | CVE-2018-6201 | Improper Input Validation vulnerability in Escanav Anti-Virus 14.0.1400.2029 In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020E0 or 0x830020E4. | 7.8 |
| 2018-01-25 | CVE-2018-6197 | NULL Pointer Dereference vulnerability in multiple products w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | 7.5 |
| 2018-01-25 | CVE-2018-6196 | Infinite Loop vulnerability in multiple products w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. | 7.5 |
| 2018-01-24 | CVE-2018-1048 | Improper Encoding or Escaping of Output vulnerability in Redhat Jboss Enterprise Application Platform 7.1.0 It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. | 7.5 |
| 2018-01-24 | CVE-2018-1000006 | OS Command Injection vulnerability in Atom Electron 0.33.4/1.8.2 GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. | 8.8 |
| 2018-01-24 | CVE-2017-1000504 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. | 8.1 |
| 2018-01-24 | CVE-2017-1000503 | Race Condition vulnerability in Jenkins A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. | 8.1 |
| 2018-01-24 | CVE-2017-1000502 | OS Command Injection vulnerability in Jenkins EC2 Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. | 8.8 |