Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-04 CVE-2016-10718 Improper Input Validation vulnerability in Brave Browser
Brave Browser before 0.13.0 allows a tab to close itself even if the tab was not opened by a script, resulting in denial of service.
network
low complexity
brave CWE-20
7.5
2018-04-04 CVE-2018-9234 Key Management Errors vulnerability in multiple products
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey.
network
low complexity
gnupg canonical CWE-320
7.5
2018-04-03 CVE-2018-8941 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01
Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v.
network
low complexity
d-link CWE-119
8.8
2018-04-03 CVE-2018-9240 NULL Pointer Dereference vulnerability in multiple products
ncmpc through 0.29 is prone to a NULL pointer dereference flaw.
network
low complexity
ncmpc-project debian canonical CWE-476
7.5
2018-04-03 CVE-2018-8779 Improper Input Validation vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters.
network
low complexity
ruby-lang canonical debian CWE-20
7.5
2018-04-03 CVE-2018-8778 Use of Externally-Controlled Format String vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.
network
low complexity
ruby-lang canonical debian redhat CWE-134
7.5
2018-04-03 CVE-2018-8777 Resource Exhaustion vulnerability in multiple products
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption).
network
low complexity
ruby-lang debian canonical redhat CWE-400
7.5
2018-04-03 CVE-2018-8049 Improper Input Validation vulnerability in Unisys Stealth SVG
The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets.
network
low complexity
unisys CWE-20
7.5
2018-04-03 CVE-2018-6914 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a ..
network
low complexity
ruby-lang canonical debian redhat CWE-22
7.5
2018-04-03 CVE-2015-1975 Injection vulnerability in IBM Tivoli Directory Server
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, and 6.3 before iFix 37 and IBM Security Directory Server 6.3.1 before iFix 11 and 6.4 before iFix 2 allows local users to gain privileges via vectors related to argument injection.
local
low complexity
ibm CWE-74
7.8