Vulnerabilities > High

Columns: DATE | CVE | VULNERABILITY TITLE, followed by the description and the RISK details (attack vector, attack complexity, affected vendor(s), CWE, score). Entries that list no vector, complexity or vendor carry only a score.

2018-02-20 | CVE-2018-6487 | Information Exposure vulnerability in Micro Focus Universal CMDB Foundation Software
  Remote Disclosure of Information in Micro Focus Universal CMDB Foundation Software, version numbers 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 4.10, 4.11.
  Risk: network vector, low complexity; vendor: microfocus; CWE-200; score 7.5

2018-02-20 | CVE-2004-2779 | Resource Management Errors vulnerability in Underbit libid3tag 0.15.0b/0.15.1b
  id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).
  Risk: network vector, low complexity; vendor: underbit; CWE-399; score 7.5

2018-02-20 | CVE-2018-7046 | OS Command Injection vulnerability in Kentico CMS
  Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box.
  Risk: network vector, low complexity; vendor: kentico; CWE-78; score 7.2

2018-02-20 | CVE-2018-6941 | Cross-Site Request Forgery (CSRF) vulnerability in NAT32 2.2
  A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.
  Risk: network vector, low complexity; vendor: nat32; CWE-352; score 8.8

2018-02-20 | CVE-2016-6272 | XML Injection (aka Blind XPath Injection) vulnerability in Epic MyChart
  XPath injection vulnerability in Epic MyChart allows remote attackers to access the contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp.
  Risk: network vector, low complexity; vendor: epic; CWE-91; score 7.5

2018-02-20 | CVE-2017-18192 | Information Exposure vulnerability in Photo,Video Locker-Calculator Project Photo,Video Locker-Calculator 12.0/18.0
  smart/calculator/gallerylock/CalculatorActivity.java in the "Photo,Video Locker-Calculator" application through 18 for Android allows attackers to access files via the backdoor 17621762 PIN.
  Risk: score 7.5

2018-02-20 | CVE-2017-16835 | Cleartext Storage of Sensitive Information vulnerability in Photo,Video Locker-Calculator Project Photo,Video Locker-Calculator 12.0
  The "Photo,Video Locker-Calculator" application 12.0 for Android has android:allowBackup="true" in AndroidManifest.xml, which allows attackers to obtain sensitive cleartext information via an "adb backup '-f smart.calculator.gallerylock'" command.
  Risk: score 7.5

2018-02-19 | CVE-2018-7254 | Out-of-bounds Read vulnerability in multiple products
  The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (global buffer over-read), or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file.
  Risk: local vector, low complexity; vendors: wavpack, debian; CWE-125; score 7.8

2018-02-19 | CVE-2018-7253 | Out-of-bounds Read vulnerability in multiple products
  The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file.
  Risk: local vector, low complexity; vendors: wavpack, debian, canonical; CWE-125; score 7.8

2018-02-19 | CVE-2016-10008 | SQL Injection vulnerability in dotCMS
  SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter.
  Risk: network vector, low complexity; vendor: dotcms; CWE-89; score 7.2