Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-01 | CVE-2014-9504 | Improper Access Control vulnerability in Open Atrium Project Open Atrium: The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance. | 7.5 |
2018-02-01 | CVE-2014-9502 | Cross-Site Request Forgery (CSRF) vulnerability in Open Atrium Project Open Atrium: Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication of unknown victims via vectors related to menu callbacks. | 8.8 |
2018-02-01 | CVE-2018-6186 | Server-Side Request Forgery (SSRF) vulnerability in Citrix Netscaler 12.0: Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. | 8.8 |
2018-02-01 | CVE-2018-0509 | Cross-Site Request Forgery (CSRF) vulnerability in Kkcald Project Kkcald 0.7.19/0.7.21: Cross-site request forgery (CSRF) vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors. | 8.8 |
2018-02-01 | CVE-2017-1000409 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc 2.5: A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. | 7.0 |
2018-02-01 | CVE-2017-1000408 | Missing Release of Resource after Effective Lifetime vulnerability in GNU Glibc 2.1.1: A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. | 7.8 |
2018-01-31 | CVE-2018-6480 | Incorrect Type Conversion or Cast vulnerability in Ccn-Lite 2.0.0: A type confusion issue was discovered in CCN-lite 2, leading to a memory access violation and a failure of the nonce feature (which, for example, helped with loop prevention). | 8.8 |
2018-01-31 | CVE-2018-6479 | Unspecified vulnerability in Seasofsolutions IP Camera Firmware: An issue was discovered on Netwave IP Camera devices. | 7.5 |
2018-01-31 | CVE-2018-0136 | Unspecified vulnerability in Cisco IOS XR 5.3.4: A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series could allow an unauthenticated, remote attacker to trigger a reload of one or more Trident-based line cards, resulting in a denial of service (DoS) condition. | 8.6 |
2018-01-31 | CVE-2017-16945 | Incorrect Permission Assignment for Critical Resource vulnerability in Haystacksoftware ARQ: The standardrestorer binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted restore path. | 7.8 |