Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-19 | CVE-2017-7326 | Race Condition vulnerability in Yandex Browser Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page | 7.5 |
| 2018-01-19 | CVE-2017-7325 | Improper Input Validation vulnerability in Yandex Browser Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open. | 7.5 |
| 2018-01-19 | CVE-2015-6926 | Improper Authentication vulnerability in Oxid-Esales Eshop The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token. | 7.5 |
| 2018-01-18 | CVE-2016-10707 | Uncontrolled Recursion vulnerability in Jquery 3.0.0 jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. | 7.5 |
| 2018-01-18 | CVE-2017-3158 | Race Condition vulnerability in Apache Guacamole A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. | 8.1 |
| 2018-01-18 | CVE-2017-5170 | Uncontrolled Search Path Element vulnerability in Moxa Softnvr-Ia Live View An Uncontrolled Search Path Element issue was discovered in Moxa SoftNVR-IA Live Viewer, Version 3.30.3122 and prior versions. | 7.2 |
| 2018-01-18 | CVE-2018-5766 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libav In Libav through 12.2, there is an invalid memcpy in the av_packet_ref function of libavcodec/avpacket.c. | 8.8 |
| 2018-01-18 | CVE-2018-0110 | Incorrect Authorization vulnerability in Cisco Webex Meetings Server A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. | 8.1 |
| 2018-01-18 | CVE-2018-0107 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Prime Service Catalog A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. | 8.8 |
| 2018-01-18 | CVE-2018-0102 | Double Free vulnerability in Cisco Nx-Os 7.2(1)D(1)/7.2(2)D1(1)/7.2(2)D1(2) A vulnerability in the Pong tool of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. | 7.4 |