Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-20 | CVE-2018-6487 | Information Exposure vulnerability in Microfocus Universal Cmdb Foundation Software: Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11. | 7.5 |
2018-02-20 | CVE-2004-2779 | Resource Management Errors vulnerability in Underbit Libid3Tag 0.15.0B/0.15.1B: id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). | 7.5 |
2018-02-20 | CVE-2018-7046 | OS Command Injection vulnerability in Kentico CMS: Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. | 7.2 |
2018-02-20 | CVE-2018-6941 | Cross-Site Request Forgery (CSRF) vulnerability in Nat32 2.2: A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS. | 8.8 |
2018-02-20 | CVE-2016-6272 | XML Injection (aka Blind XPath Injection) vulnerability in Epic Mychart: XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. | 7.5 |
2018-02-20 | CVE-2017-18192 | Information Exposure vulnerability in Photo,Video Locker-Calculator Project Photo,Video Locker-Calculator 12.0/18.0: smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN. | 7.5 |
2018-02-20 | CVE-2017-16835 | Cleartext Storage of Sensitive Information vulnerability in Photo,Video Locker-Calculator Project Photo,Video Locker-Calculator 12.0: The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command. | 7.5 |
2018-02-19 | CVE-2018-7254 | Out-of-bounds Read vulnerability in multiple products: The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file. | 7.8 |
2018-02-19 | CVE-2018-7253 | Out-of-bounds Read vulnerability in multiple products: The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. | 7.8 |
2018-02-19 | CVE-2016-10008 | SQL Injection vulnerability in Dotcms: SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. | 7.2 |