Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK

2018-01-24 CVE-2018-5976 Cross-Site Request Forgery (CSRF) vulnerability in RSVP Invitation Online Project RSVP Invitation Online 1.0
Cross-Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password.
network, low complexity, rsvp-invitation-online-project, CWE-352
Risk: 8.8

2018-01-24 CVE-2018-5969 Cross-Site Request Forgery (CSRF) vulnerability in Photography CMS Project Photography CMS 1.0
Cross-Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account.
network, low complexity, photography-cms-project, CWE-352
Risk: 8.8

2018-01-24 CVE-2017-18075 Release of Invalid Pointer or Reference vulnerability in multiple products
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
local, low complexity, linux canonical, CWE-763
Risk: 7.8

2018-01-23 CVE-2017-12632 Improper Input Validation vulnerability in Apache NiFi
A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server.
network, low complexity, apache, CWE-20
Risk: 7.5

2018-01-23 CVE-2018-5359 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense SysGauge 3.6.18
The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow.
network, high complexity, flexense, CWE-119
Risk: 8.1

2018-01-23 CVE-2017-2747 Unspecified vulnerability in HP products
HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers.
local, low complexity, hp
Risk: 7.8

2018-01-23 CVE-2017-2742 Unspecified vulnerability in HP Web Jetadmin
A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2.
network, low complexity, hp
Risk: 7.5

2018-01-23 CVE-2017-2740 Unspecified vulnerability in HP ThinPro
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4.
local, low complexity, hp
Risk: 7.8

2018-01-23 CVE-2017-15107 Unspecified vulnerability in Thekelleys Dnsmasq
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78.
network, low complexity, thekelleys
Risk: 7.5

2018-01-23 CVE-2017-15091 Improperly Implemented Security Check for Standard vulnerability in PowerDNS Authoritative
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword.
network, low complexity, powerdns, CWE-358
Risk: 7.1