Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2018-01-12 | CVE-2018-5326 | Unspecified vulnerability in Cmcm CM Browser 5.22.06.0012 | Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | network, low complexity, cmcm | 7.5 |
| 2018-01-12 | CVE-2017-16736 | Unrestricted Upload of File with Dangerous Type vulnerability in Advantech Webaccess | An Unrestricted Upload Of File With Dangerous Type issue was discovered in Advantech WebAccess versions prior to 8.3. | network, low complexity, advantech, CWE-434 | 7.5 |
| 2018-01-12 | CVE-2018-5345 | Out-of-bounds Write vulnerability in multiple products | A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. | | 7.8 |
| 2018-01-11 | CVE-2018-5336 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. | network, low complexity, wireshark, debian, CWE-119 | 7.5 |
| 2018-01-11 | CVE-2012-0699 | Cross-Site Request Forgery (CSRF) vulnerability in Haudenschilt Family Connections CMS | Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php. | network, low complexity, haudenschilt, CWE-352 | 8.8 |
| 2018-01-11 | CVE-2018-5189 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jungo Windriver | Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability. | local, low complexity, jungo, CWE-119 | 7.8 |
| 2018-01-11 | CVE-2017-15637 | Unspecified vulnerability in Tp-Link products | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file. | network, low complexity, tp-link | 7.2 |
| 2018-01-11 | CVE-2017-15636 | Unspecified vulnerability in Tp-Link products | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file. | network, low complexity, tp-link | 7.2 |
| 2018-01-11 | CVE-2017-15635 | Unspecified vulnerability in Tp-Link products | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file. | network, low complexity, tp-link | 7.2 |
| 2018-01-11 | CVE-2017-15634 | Unspecified vulnerability in Tp-Link products | TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file. | network, low complexity, tp-link | 7.2 |