Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-12 CVE-2017-18225 Incorrect Permission Assignment for Critical Resource vulnerability in Jabberd2
The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs.
local
low complexity
jabberd2 CWE-732
7.8
2018-03-12 CVE-2016-5314 Out-of-bounds Write vulnerability in multiple products
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
network
low complexity
libtiff opensuse redhat debian CWE-787
8.8
2018-03-12 CVE-2014-8129 Out-of-bounds Write vulnerability in multiple products
LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c.
network
low complexity
libtiff debian redhat apple CWE-787
8.8
2018-03-11 CVE-2018-8059 Improper Certificate Validation vulnerability in Suse Portus 2.3.0
The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used.
low complexity
suse CWE-295
8.8
2018-03-11 CVE-2018-8056 Information Exposure vulnerability in Cobub Razor 0.8.0
Physical path leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.
network
low complexity
cobub CWE-200
7.5
2018-03-10 CVE-2018-6312 Weak Password Requirements vulnerability in Foxconn Ap-Fc4064-T Firmware Apgtb385.8.3Lb15W47Lte
A privileged account with a weak default password on the Foxconn femtocell FEMTO AP-FC4064-T version AP_GT_B38_5.8.3lb15-W47 LTE Build 15 can be used to turn on the TELNET service via the web interface, which allows root login without any password.
network
low complexity
foxconn CWE-521
7.2
2018-03-10 CVE-2017-18223 Improper Authentication vulnerability in BMC Remedy Action Request System
BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access.
network
high complexity
bmc CWE-287
8.1
2018-03-09 CVE-2018-7239 Untrusted Search Path vulnerability in Schneider-Electric products
A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary code.
local
low complexity
schneider-electric CWE-426
7.8
2018-03-09 CVE-2018-7236 Improper Authentication vulnerability in Schneider-Electric products
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param.
network
low complexity
schneider-electric CWE-287
8.1
2018-03-09 CVE-2018-7235 Improper Input Validation vulnerability in Schneider-Electric products
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of shell metacharacters in the value of 'system.download.sd_file'.
network
low complexity
schneider-electric CWE-20
7.5