Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-03 | CVE-2018-6593 | Incorrect Permission Assignment for Critical Resource vulnerability in Malwarefox Antimalware 2.74.0.150: An issue was discovered in MalwareFox AntiMalware 2.74.0.150. | 7.8 |
2018-02-03 | CVE-2018-6594 | Inadequate Encryption Strength vulnerability in multiple products: lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). | 7.5 |
2018-02-03 | CVE-2017-18123 | Improper Input Validation vulnerability in multiple products: The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs. | 8.6 |
2018-02-03 | CVE-2015-2186 | Improper Input Validation vulnerability in EDX Configuration and Edx-Platform: The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. | 7.5 |
2018-02-03 | CVE-2009-5144 | 7PK - Security Features vulnerability in MOD Gnutls Project MOD Gnutls: mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. | 7.5 |
2018-02-02 | CVE-2018-6318 | Untrusted Search Path vulnerability in Sophos Tester 3.2.0.7: In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). | 7.8 |
2018-02-02 | CVE-2018-5261 | Missing Encryption of Sensitive Data vulnerability in Flexense Diskboss: An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. | 8.1 |
2018-02-02 | CVE-2016-0312 | Information Exposure vulnerability in IBM Tririga Application Platform: IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers to obtain sensitive information via vectors related to granting unauthenticated access to Document Manager. | 7.5 |
2018-02-02 | CVE-2014-1835 | Credentials Management vulnerability in Echor Project Echor 0.1.6: The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table. | 7.8 |
2018-02-02 | CVE-2014-1834 | Command Injection vulnerability in Echor Project Echor 0.1.6: The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password. | 7.8 |