Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-22 | CVE-2018-0848 | Unspecified vulnerability in Microsoft Office, Office Compatibility Pack and Word Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". | 8.8 |
2018-01-22 | CVE-2018-0845 | Unspecified vulnerability in Microsoft Office, Office Compatibility Pack and Word Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". | 7.8 |
2018-01-22 | CVE-2018-6010 | Cross-site Scripting vulnerability in Yiiframework. In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. | 7.5 |
2018-01-22 | CVE-2018-6009 | Cross-Site Request Forgery (CSRF) vulnerability in Yiiframework. In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity. | 8.8 |
2018-01-22 | CVE-2018-6003 | Uncontrolled Recursion vulnerability in multiple products. An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. | 7.5 |
2018-01-22 | CVE-2018-5761 | Improper Certificate Validation vulnerability in Rubrik CDM 3.0.0/4.0.0/4.0.4. A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. | 8.1 |
2018-01-22 | CVE-2017-17858 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Artifex Mupdf 1.12.0. Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted. | 7.8 |
2018-01-22 | CVE-2018-5968 | Deserialization of Untrusted Data vulnerability in multiple products. FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. | 8.1 |
2018-01-22 | CVE-2016-10709 | OS Command Injection vulnerability in Pfsense 2.2.6. pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | 8.8 |
2018-01-22 | CVE-2018-5960 | SQL Injection vulnerability in Tribalsystems Zenario. Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | 8.8 |