Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-19 | CVE-2018-7253 | Out-of-bounds Read vulnerability in multiple products The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack 5.1.0 allows a remote attacker to cause a denial-of-service (heap-based buffer over-read) or possibly overwrite the heap via a maliciously crafted DSDIFF file. | 7.8 |
| 2018-02-19 | CVE-2016-10008 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. | 7.2 |
| 2018-02-19 | CVE-2016-10007 | SQL Injection vulnerability in Dotcms SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. | 7.2 |
| 2018-02-19 | CVE-2018-6592 | Improper Resource Shutdown or Release vulnerability in Unisys Stealth 3.3 Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage. | 7.8 |
| 2018-02-19 | CVE-2017-16670 | Code Injection vulnerability in Smartbear Soapui 5.3.0 The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. | 7.8 |
| 2018-02-19 | CVE-2012-0771 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759. | 8.8 |
| 2018-02-19 | CVE-2017-18191 | An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. | 7.5 |
| 2018-02-19 | CVE-2018-7219 | Cross-Site Request Forgery (CSRF) vulnerability in 5None Nonecms 1.3.0 application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request. | 8.8 |
| 2018-02-19 | CVE-2018-1411 | Unspecified vulnerability in IBM Client Application Access and Notes IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. | 7.8 |
| 2018-02-19 | CVE-2018-1410 | Unspecified vulnerability in IBM Client Application Access and Notes IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. | 7.8 |