Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-12 | CVE-2017-18225 | Incorrect Permission Assignment for Critical Resource vulnerability in Jabberd2 The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs. | 7.8 |
| 2018-03-12 | CVE-2016-5314 | Out-of-bounds Write vulnerability in multiple products Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr. | 8.8 |
| 2018-03-12 | CVE-2014-8129 | Out-of-bounds Write vulnerability in multiple products LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. | 8.8 |
| 2018-03-11 | CVE-2018-8059 | Improper Certificate Validation vulnerability in Suse Portus 2.3.0 The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used. | 8.8 |
| 2018-03-11 | CVE-2018-8056 | Information Exposure vulnerability in Cobub Razor 0.8.0 Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php. | 7.5 |
| 2018-03-10 | CVE-2018-6312 | Weak Password Requirements vulnerability in Foxconn Ap-Fc4064-T Firmware Apgtb385.8.3Lb15W47Lte A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password. | 7.2 |
| 2018-03-10 | CVE-2017-18223 | Improper Authentication vulnerability in BMC Remedy Action Request System BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. | 8.1 |
| 2018-03-09 | CVE-2018-7239 | Untrusted Search Path vulnerability in Schneider-Electric products A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code. | 7.8 |
| 2018-03-09 | CVE-2018-7236 | Improper Authentication vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param could enable SSH service. | 8.1 |
| 2018-03-09 | CVE-2018-7235 | Improper Input Validation vulnerability in Schneider-Electric products A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file' | 7.5 |