Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-29 | CVE-2018-6391 | Cross-Site Request Forgery (CSRF) vulnerability in Netis-Systems Wf2419 Firmware 2.2.36123: A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. | 8.8 |
2018-01-29 | CVE-2017-15133 | Resource Exhaustion vulnerability in Miekg-Dns Project Miekg-Dns: A denial of service flaw was found in miekg-dns before 1.0.4. | 7.5 |
2018-01-29 | CVE-2018-6388 | OS Command Injection vulnerability in Iball Ib-Wra150N Firmware 1.2.6: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ping test arguments on the Diagnostics page. | 8.8 |
2018-01-29 | CVE-2018-6383 | Incomplete Blacklist vulnerability in Monstra: Monstra CMS through 3.0.4 has an incomplete "forbidden types" list that excludes .php (and similar) file extensions but not the .pht or .phar extension, which allows remote authenticated Admins or Editors to execute arbitrary PHP code by uploading a file, a different vulnerability than CVE-2017-18048. | 8.8 |
2018-01-29 | CVE-2017-12626 | Infinite Loop vulnerability in Apache POI: Apache POI versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295). | 7.5 |
2018-01-29 | CVE-2017-1000356 | Cross-Site Request Forgery (CSRF) vulnerability in Jenkins: Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts. | 8.8 |
2018-01-29 | CVE-2017-1000354 | Improper Authentication vulnerability in Jenkins: Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. | 8.8 |
2018-01-29 | CVE-2018-1364 | XXE vulnerability in IBM Content Navigator 2.0.3/3.0.2/3.0.3: IBM Content Navigator 2.0 and 3.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 8.2 |
2018-01-29 | CVE-2017-4951 | Cross-Site Request Forgery (CSRF) vulnerability in VMWare Airwatch: VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) contains a Cross Site Request Forgery vulnerability when accessing the App Catalog. | 8.8 |
2018-01-29 | CVE-2017-1779 | Insufficiently Protected Credentials vulnerability in multiple products: IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. | 7.8 |