Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-26 CVE-2017-14523 Injection vulnerability in Wondercms 2.3.1
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack.
network
low complexity
wondercms CWE-74
7.5
2018-01-26 CVE-2017-14521 Unrestricted Upload of File with Dangerous Type vulnerability in Wondercms 2.3.0/2.3.1
In WonderCMS 2.3.1, the upload functionality accepts arbitrary application extensions, which leads to malicious file upload.
network
low complexity
wondercms CWE-434
8.8
2018-01-26 CVE-2017-12380 NULL Pointer Dereference vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
debian clamav CWE-476
7.5
2018-01-26 CVE-2017-12376 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
local
low complexity
debian clamav CWE-119
7.8
2018-01-26 CVE-2017-12375 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
debian clamav CWE-119
7.5
2018-01-26 CVE-2017-12374 Use After Free vulnerability in multiple products
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
network
low complexity
debian clamav CWE-416
7.5
2018-01-26 CVE-2017-3768 Resource Exhaustion vulnerability in multiple products
An unprivileged attacker with connectivity to the IMM2 could cause a denial of service attack on the IMM2 (Versions earlier than 4.4 for Lenovo System x and earlier than 6.4 for IBM System x).
network
low complexity
lenovo ibm CWE-400
7.5
2018-01-26 CVE-2017-18076 In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase.
network
low complexity
omniauth debian
7.5
2018-01-26 CVE-2018-0507 Untrusted Search Path vulnerability in Ntt-East products
Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions, allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local
low complexity
ntt-east CWE-426
7.8
2018-01-26 CVE-2018-6323 Integer Overflow or Wraparound vulnerability in GNU Binutils 2.29.1
The elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, has an unsigned integer overflow because bfd_size_type multiplication is not used.
local
low complexity
gnu CWE-190
7.8