Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-07 | CVE-2018-10795 | Unrestricted Upload of File with Dangerous Type vulnerability in Liferay Portal Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemanager/browser/liferay/browser.html URI. | 8.8 |
| 2018-05-07 | CVE-2018-10778 | Out-of-bounds Read vulnerability in Mp3Gain Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409. | 7.8 |
| 2018-05-07 | CVE-2018-10777 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mp3Gain Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | 7.8 |
| 2018-05-07 | CVE-2018-10776 | Improper Input Validation vulnerability in Mp3Gain The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact. | 7.8 |
| 2018-05-04 | CVE-2018-9154 | Improper Input Validation vulnerability in Jasper Project Jasper 2.0.14 There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-2017-13745. | 7.5 |
| 2018-05-04 | CVE-2017-15043 | Improper Input Validation vulnerability in Sierrawireless products A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. | 8.8 |
| 2018-05-04 | CVE-2013-2233 | Key Management Errors vulnerability in Redhat Ansible Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys. | 7.4 |
| 2018-05-04 | CVE-2018-7509 | Out-of-bounds Write vulnerability in Deltaww Wplsoft WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. | 8.8 |
| 2018-05-04 | CVE-2018-7507 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Deltaww Wplsoft WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length heap buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | 8.8 |
| 2018-05-04 | CVE-2018-7494 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Deltaww Wplsoft WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash. | 8.8 |