Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-24 | CVE-2018-5319 | Information Exposure vulnerability in Ravpower Filehub Firmware 2.000.056: RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. | 7.5 |
2018-01-24 | CVE-2017-15135 | Unspecified vulnerability in Fedoraproject 389 Directory Server: It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. | 8.1 |
2018-01-24 | CVE-2018-1000018 | Information Exposure Through Log Files vulnerability in Ovirt Ovirt-Hosted-Engine-Setup: An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file. | 7.8 |
2018-01-24 | CVE-2017-1769 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Process Manager 8.6.0.0: IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2018-01-24 | CVE-2017-1000475 | Unquoted Search Path or Element vulnerability in Freesshd 1.3.1: FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges. | 7.8 |
2018-01-24 | CVE-2018-6184 | Path Traversal vulnerability in Zeit Next.Js: ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. | 7.5 |
2018-01-24 | CVE-2018-5976 | Cross-Site Request Forgery (CSRF) vulnerability in Rsvp Invitation Online Project Rsvp Invitation Online 1.0: Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. | 8.8 |
2018-01-24 | CVE-2018-5969 | Cross-Site Request Forgery (CSRF) vulnerability in Photography CMS Project Photography CMS 1.0: Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. | 8.8 |
2018-01-24 | CVE-2017-18075 | Release of Invalid Pointer or Reference vulnerability in multiple products: crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. | 7.8 |
2018-01-23 | CVE-2017-12632 | Improper Input Validation vulnerability in Apache Nifi: A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. | 7.5 |