Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-25 CVE-2018-6196 Infinite Loop vulnerability in multiple products
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.
network
low complexity
tats canonical CWE-835
7.5
2018-01-24 CVE-2018-1048 Improper Encoding or Escaping of Output vulnerability in Redhat Jboss Enterprise Application Platform 7.1.0
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allows slash / anti-slash characters encoded in the URL, which may lead to path traversal and result in the information disclosure of arbitrary local files.
network
low complexity
redhat CWE-116
7.5
2018-01-24 CVE-2018-1000006 OS Command Injection vulnerability in Atom Electron 0.33.4/1.8.2
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, and 1.6.15 and earlier have a vulnerability in the protocol handler: Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked into arbitrary command execution if the user clicks on a specially crafted URL.
network
low complexity
atom CWE-78
8.8
2018-01-24 CVE-2017-1000504 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins
A race condition during startup of Jenkins 2.94 and earlier and 2.89.1 and earlier could result in the wrong order of execution of commands during initialization.
network
high complexity
jenkins CWE-352
8.1
2018-01-24 CVE-2017-1000503 Race Condition vulnerability in Jenkins
A race condition during startup of Jenkins 2.81 through 2.94 (inclusive) and 2.89.1 could result in the wrong order of execution of commands during initialization.
network
high complexity
jenkins CWE-362
8.1
2018-01-24 CVE-2017-1000502 OS Command Injection vulnerability in Jenkins EC2
Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched.
network
low complexity
jenkins CWE-78
8.8
2018-01-24 CVE-2018-5319 Information Exposure vulnerability in Ravpower Filehub Firmware 2.000.056
RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request.
network
low complexity
ravpower CWE-200
7.5
2018-01-24 CVE-2017-15135 Unspecified vulnerability in Fedoraproject 389 Directory Server
It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process.
network
high complexity
fedoraproject
8.1
2018-01-24 CVE-2018-1000018 Information Exposure Through Log Files vulnerability in Ovirt Ovirt-Hosted-Engine-Setup
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file.
local
low complexity
ovirt CWE-532
7.8
2018-01-24 CVE-2017-1769 Cross-Site Request Forgery (CSRF) vulnerability in IBM Business Process Manager 8.6.0.0
IBM Business Process Manager 8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
8.8