Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-24 | CVE-2017-1000475 | Unquoted Search Path or Element vulnerability in Freesshd 1.3.1 FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges. | 7.8 |
| 2018-01-24 | CVE-2018-6184 | Path Traversal vulnerability in Zeit Next.Js ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. | 7.5 |
| 2018-01-24 | CVE-2018-5976 | Cross-Site Request Forgery (CSRF) vulnerability in Rsvp Invitation Online Project Rsvp Invitation Online 1.0 Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. | 8.8 |
| 2018-01-24 | CVE-2018-5969 | Cross-Site Request Forgery (CSRF) vulnerability in Photography CMS Project Photography CMS 1.0 Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via clients/resources/ajax/ajax_new_admin.php, as demonstrated by adding an admin account. | 8.8 |
| 2018-01-24 | CVE-2017-18075 | Release of Invalid Pointer or Reference vulnerability in multiple products crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. | 7.8 |
| 2018-01-23 | CVE-2017-12632 | Improper Input Validation vulnerability in Apache Nifi A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. | 7.5 |
| 2018-01-23 | CVE-2018-5359 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Flexense Sysgauge 3.6.18 The server in Flexense SysGauge 3.6.18 operating on port 9221 can be exploited remotely with the attacker gaining system-level access because of a Buffer Overflow. | 8.1 |
| 2018-01-23 | CVE-2017-2747 | Unspecified vulnerability in HP products HP has identified a potential security vulnerability before IG_11_00_00.10 for DesignJet T790, T795, T1300, T2300, before MRY_04_05_00.5 for DesignJet T920, T930, T1500, T1530, T2500, T2530, before AENEAS_03_04_00.9 for DesignJet T3500, before NEXUS_01_12_00.11 for Latex 310, 330, 360, 370, before NEXUS_03_12_00.15 for Latex 315, 335, 365, 375, before STORM_00_05_01.6 for Latex 560, 570 and Latex 110 that may expose the credentials of the SMTP server configured to receive and process emails generated by the printers. | 7.8 |
| 2018-01-23 | CVE-2017-2742 | Unspecified vulnerability in HP web Jetadmin A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. | 7.5 |
| 2018-01-23 | CVE-2017-2740 | Unspecified vulnerability in HP Thinpro A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. | 7.8 |