Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-12 | CVE-2017-13231 | Out-of-bounds Write vulnerability in Google Android 8.0/8.1 In libmediadrm, there is an out-of-bounds write due to improper input validation. | 7.8 |
| 2018-02-12 | CVE-2017-13230 | Out-of-bounds Write vulnerability in Google Android In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. | 8.8 |
| 2018-02-12 | CVE-2017-13228 | Out-of-bounds Write vulnerability in Google Android In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. | 8.8 |
| 2018-02-12 | CVE-2016-9570 | NULL Pointer Dereference vulnerability in Carbonblack Carbon Black 5.1.1.60603 cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe. | 7.5 |
| 2018-02-12 | CVE-2018-6926 | OS Command Injection vulnerability in Misp 2.4.87 In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. | 7.2 |
| 2018-02-12 | CVE-2016-8742 | Permissions, Privileges, and Access Controls vulnerability in Apache Couchdb 2.0.0 The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. | 7.8 |
| 2018-02-12 | CVE-2016-5397 | Command Injection vulnerability in Apache Thrift The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. | 8.8 |
| 2018-02-12 | CVE-2017-18179 | Improper Authentication vulnerability in Progress Sitefinity 9.1 Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. | 8.8 |
| 2018-02-12 | CVE-2018-6889 | Code Injection vulnerability in Typesettercms Typesetter 5.1 An issue was discovered in Typesetter 5.1. | 8.8 |
| 2018-02-12 | CVE-2018-6888 | Cross-Site Request Forgery (CSRF) vulnerability in Typesettercms Typesetter 5.1 An issue was discovered in Typesetter 5.1. | 8.0 |