Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2018-02-12 | CVE-2017-13231 | Out-of-bounds Write vulnerability in Google Android 8.0/8.1 | In libmediadrm, there is an out-of-bounds write due to improper input validation. | local, low complexity, google, CWE-787, 7.8 |
| 2018-02-12 | CVE-2017-13230 | Out-of-bounds Write vulnerability in Google Android | In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. | network, low complexity, google, CWE-787, 8.8 |
| 2018-02-12 | CVE-2017-13228 | Out-of-bounds Write vulnerability in Google Android | In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. | network, low complexity, google, CWE-787, 8.8 |
| 2018-02-12 | CVE-2016-9570 | NULL Pointer Dereference vulnerability in Carbonblack Carbon Black 5.1.1.60603 | cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe. | network, low complexity, carbonblack, CWE-476, 7.5 |
| 2018-02-12 | CVE-2018-6926 | OS Command Injection vulnerability in MISP 2.4.87 | In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. | network, low complexity, misp, CWE-78, 7.2 |
| 2018-02-12 | CVE-2016-8742 | Permissions, Privileges, and Access Controls vulnerability in Apache CouchDB 2.0.0 | The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. | local, low complexity, apache, CWE-264, 7.8 |
| 2018-02-12 | CVE-2016-5397 | Command Injection vulnerability in Apache Thrift | The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. | network, low complexity, apache, CWE-77, 8.8 |
| 2018-02-12 | CVE-2017-18179 | Improper Authentication vulnerability in Progress Sitefinity 9.1 | Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. | network, low complexity, progress, CWE-287, 8.8 |
| 2018-02-12 | CVE-2018-6889 | Code Injection vulnerability in Typesettercms Typesetter 5.1 | An issue was discovered in Typesetter 5.1. | network, low complexity, typesettercms, CWE-94, 8.8 |
| 2018-02-12 | CVE-2018-6888 | Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1 | An issue was discovered in Typesetter 5.1. | network, low complexity, typesettercms, CWE-352, 8.0 |