Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-31 | CVE-2017-8916 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Cisecurity Cis-Cat PRO Dashboard In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access. | 7.8 |
| 2018-01-31 | CVE-2018-1000001 | Out-of-bounds Write vulnerability in multiple products In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. | 7.8 |
| 2018-01-31 | CVE-2017-1000411 | Improper Resource Shutdown or Release vulnerability in Opendaylight and Openflow OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. | 7.5 |
| 2018-01-31 | CVE-2018-6412 | Information Exposure vulnerability in Linux Kernel In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands. | 7.5 |
| 2018-01-30 | CVE-2018-6408 | Cross-Site Request Forgery (CSRF) vulnerability in Conceptronic Cipcamptiwl Firmware and Cipcamptiwl web Firmware An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. | 8.8 |
| 2018-01-30 | CVE-2018-6407 | Improper Input Validation vulnerability in Conceptronic Cipcamptiwl Firmware and Cipcamptiwl web Firmware An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. | 7.5 |
| 2018-01-30 | CVE-2018-6406 | Out-of-bounds Read vulnerability in Webmproject Libwebm The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. | 8.8 |
| 2018-01-30 | CVE-2018-6195 | Unspecified vulnerability in Splashing Images Project Splashing Images 1.0/2.0/2.1 admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php. | 7.2 |
| 2018-01-30 | CVE-2018-5441 | Improper Input Validation vulnerability in Phoenixcontact products An Improper Validation of Integrity Check Value issue was discovered in PHOENIX CONTACT mGuard firmware versions 7.2 to 8.6.0. | 7.8 |
| 2018-01-30 | CVE-2017-1731 | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. | 8.8 |