Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-02-02 CVE-2017-18120 Double Free vulnerability in Lcdf Gifsicle 1.90
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.
local
low complexity
lcdf CWE-415
7.8
2018-02-02 CVE-2018-6525 Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220458.
local
low complexity
inca CWE-20
7.8
2018-02-02 CVE-2018-6524 Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220c20.
local
low complexity
inca CWE-20
7.8
2018-02-02 CVE-2018-6523 Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x22045c.
local
low complexity
inca CWE-20
7.8
2018-02-02 CVE-2018-6522 Improper Input Validation vulnerability in Inca Nprotect AVS 4.0/4.0.0.38
In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220408.
local
low complexity
inca CWE-20
7.8
2018-02-02 CVE-2018-6519 Injection vulnerability in multiple products
The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
network
low complexity
simplesamlphp debian CWE-74
7.5
2018-02-01 CVE-2017-2297 Improper Authentication vulnerability in Puppet Enterprise
Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not correctly authenticate users before returning labeled RBAC access tokens.
network
high complexity
puppet CWE-287
7.5
2018-02-01 CVE-2017-3160 Unspecified vulnerability in Apache Cordova
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build.
network
high complexity
apache
7.4
2018-02-01 CVE-2018-1192 Information Exposure vulnerability in Pivotal Software products
In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs.
network
low complexity
pivotal-software CWE-200
8.8
2018-02-01 CVE-2015-2204 Information Exposure vulnerability in Evergreen-Ils Evergreen
Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to bypass an intended access restriction and obtain sensitive information about org unit settings by leveraging failure of open-ils.actor.ou_setting.ancestor_default to enforce view_perm when no auth token is provided.
network
low complexity
evergreen-ils CWE-200
7.5