Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-24 | CVE-2018-1000006 | OS Command Injection vulnerability in Atom Electron 0.33.4/1.8.2 GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. | 8.8 |
| 2018-01-24 | CVE-2017-1000504 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. | 8.1 |
| 2018-01-24 | CVE-2017-1000503 | Race Condition vulnerability in Jenkins A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. | 8.1 |
| 2018-01-24 | CVE-2017-1000502 | OS Command Injection vulnerability in Jenkins EC2 Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. | 8.8 |
| 2018-01-24 | CVE-2018-5319 | Information Exposure vulnerability in Ravpower Filehub Firmware 2.000.056 RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. | 7.5 |
| 2018-01-24 | CVE-2017-15135 | Unspecified vulnerability in Fedoraproject 389 Directory Server It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. | 8.1 |
| 2018-01-24 | CVE-2018-1000018 | Information Exposure Through Log Files vulnerability in Ovirt Ovirt-Hosted-Engine-Setup An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file. | 7.8 |
| 2018-01-24 | CVE-2017-1769 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Process Manager 8.6.0.0 IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2018-01-24 | CVE-2017-1000475 | Unquoted Search Path or Element vulnerability in Freesshd 1.3.1 FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges. | 7.8 |
| 2018-01-24 | CVE-2018-6184 | Path Traversal vulnerability in Zeit Next.Js ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. | 7.5 |