Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-03-26 CVE-2017-6278 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia products
NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges.
local
low complexity
nvidia CWE-119
7.8
2018-03-26 CVE-2018-1303 Out-of-bounds Read vulnerability in multiple products
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory.
network
low complexity
apache debian canonical netapp CWE-125
7.5
2018-03-26 CVE-2017-15715 Improper Input Validation vulnerability in multiple products
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename.
network
high complexity
apache debian canonical netapp redhat CWE-20
8.1
2018-03-26 CVE-2017-15710 Out-of-bounds Write vulnerability in multiple products
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials.
network
low complexity
apache debian canonical netapp redhat CWE-787
7.5
2018-03-26 CVE-2018-5470 Untrusted Search Path vulnerability in Philips Intellispace Portal 8.0/9.0
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
local
low complexity
philips CWE-426
7.8
2018-03-26 CVE-2018-5466 Improper Certificate Validation vulnerability in Philips Intellispace Portal 8.0/9.0
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
network
low complexity
philips CWE-295
7.5
2018-03-26 CVE-2018-5464 Improper Certificate Validation vulnerability in Philips Intellispace Portal 8.0/9.0
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
network
low complexity
philips CWE-295
7.5
2018-03-26 CVE-2018-5462 Improper Certificate Validation vulnerability in Philips Intellispace Portal 8.0/9.0
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
network
low complexity
philips CWE-295
7.5
2018-03-26 CVE-2018-5458 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Philips Intellispace Portal 8.0/9.0
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.
network
low complexity
philips CWE-327
7.5
2018-03-26 CVE-2018-5454 Unspecified vulnerability in Philips Intellispace Portal 8.0/9.0
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.
network
high complexity
philips
8.1