Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-12 CVE-2018-6888 Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1
An issue was discovered in Typesetter 5.1.
network
low complexity
typesettercms CWE-352
8.0
2018-02-12 CVE-2018-6860 Unrestricted Upload of File with Dangerous Type vulnerability in Schools Alert Management Script Project Schools Alert Management Script 2.0.2
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture.
8.8
2018-02-09 CVE-2018-1000058 Deserialization of Untrusted Data vulnerability in Jenkins Pipeline Supporting Apis 2.15/2.16/2.17
Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code.
network
low complexity
jenkins CWE-502
8.8
2018-02-09 CVE-2018-1000056 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Junit
Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-918
8.3
2018-02-09 CVE-2018-1000055 Server-Side Request Forgery (SSRF) vulnerability in Jenkins Android Lint
Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-918
8.3
2018-02-09 CVE-2018-1000054 Server-Side Request Forgery (SSRF) vulnerability in Jenkins CCM
Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the Jenkins master, perform server-side request forgery, or denial-of-service attacks.
network
low complexity
jenkins CWE-918
8.3
2018-02-09 CVE-2018-1000053 Cross-Site Request Forgery (CSRF) vulnerability in Limesurvey 3.0.0
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable.
network
low complexity
limesurvey CWE-352
8.8
2018-02-09 CVE-2018-1000052 Use of Externally-Controlled Format String vulnerability in FMT
fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service.
network
low complexity
fmt CWE-134
7.5
2018-02-09 CVE-2018-1000051 Use After Free vulnerability in multiple products
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution.
local
low complexity
artifex debian CWE-416
7.8
2018-02-09 CVE-2018-1000050 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in STB Vorbis Project STB Vorbis
Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths.
network
low complexity
stb-vorbis-project CWE-119
8.8