Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-12 | CVE-2014-6435 | Improper Authentication vulnerability in Aztech products cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. | 7.5 |
| 2018-01-12 | CVE-2017-0869 | Use After Free vulnerability in Google Android NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. | 7.8 |
| 2018-01-12 | CVE-2018-5374 | SQL Injection vulnerability in Slidervilla Dbox Slider The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). | 8.8 |
| 2018-01-12 | CVE-2018-5373 | SQL Injection vulnerability in Slidervilla Smooth Slider The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter). | 8.8 |
| 2018-01-12 | CVE-2018-5372 | SQL Injection vulnerability in Slidervilla Testimonial Slider The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). | 8.8 |
| 2018-01-12 | CVE-2018-5371 | OS Command Injection vulnerability in D-Link Dsl-2540U Firmware and Dsl-2640U Firmware diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request. | 8.8 |
| 2018-01-12 | CVE-2018-5368 | Cross-Site Request Forgery (CSRF) vulnerability in Srbtranslatin Project Srbtranslatin 1.46 The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php. | 8.8 |
| 2018-01-12 | CVE-2018-5361 | Cross-Site Request Forgery (CSRF) vulnerability in Wpglobus 1.9.6 The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php. | 8.8 |
| 2018-01-12 | CVE-2018-5344 | Use After Free vulnerability in multiple products In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact. | 7.8 |
| 2018-01-12 | CVE-2018-5327 | Unspecified vulnerability in Cmcm Armorfly Browser & Downloader 1.1.05.0010 Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | 7.5 |