Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-09 | CVE-2018-5308 | NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5: PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). | 7.8 |
2018-01-09 | CVE-2012-3353 | Information Exposure vulnerability in Apache Sling JCR Contentloader 2.1.4: The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. | 7.5 |
2018-01-08 | CVE-2015-2319 | Improper Certificate Validation vulnerability in Mono-Project Mono: The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | 7.5 |
2018-01-08 | CVE-2015-2318 | Improper Certificate Validation vulnerability in multiple products: The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | 8.1 |
2018-01-08 | CVE-2014-2071 | Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass: Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | 7.1 |
2018-01-08 | CVE-2013-4364 | Link Following vulnerability in Redhat Openshift 1.0/2.0: (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. | 7.8 |
2018-01-08 | CVE-2018-5283 | Path Traversal vulnerability in Photos in Wifi Project Photos in Wifi 1.0.1: The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. | 7.5 |
2018-01-08 | CVE-2018-5282 | Out-of-bounds Write vulnerability in Kentico CMS: Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. | 7.8 |
2018-01-08 | CVE-2018-5259 | Unspecified vulnerability in Discuz Discuzx X3.4: Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. | 8.8 |
2018-01-08 | CVE-2018-5298 | Inadequate Encryption Strength vulnerability in PG Oral-B APP 5.0.0: In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences. | 7.5 |