Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-09 CVE-2018-5308 NULL Pointer Dereference vulnerability in Podofo Project Podofo 0.9.5
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp).
local
low complexity
podofo-project CWE-476
7.8
2018-01-09 CVE-2012-3353 Information Exposure vulnerability in Apache Sling JCR Contentloader 2.1.4
The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks.
network
low complexity
apache CWE-200
7.5
2018-01-08 CVE-2015-2319 Improper Certificate Validation vulnerability in Mono-Project Mono
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
network
low complexity
mono-project CWE-295
7.5
2018-01-08 CVE-2015-2318 Improper Certificate Validation vulnerability in multiple products
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.
network
high complexity
mono-project debian CWE-295
8.1
2018-01-08 CVE-2014-2071 Permissions, Privileges, and Access Controls vulnerability in Arubanetworks Clearpass
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method.
high complexity
arubanetworks CWE-264
7.1
2018-01-08 CVE-2013-4364 Link Following vulnerability in Redhat Openshift 1.0/2.0
(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp.
local
low complexity
redhat CWE-59
7.8
2018-01-08 CVE-2018-5283 Path Traversal vulnerability in Photos in Wifi Project Photos in Wifi 1.0.1
The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php.
network
low complexity
photos-in-wifi-project CWE-22
7.5
2018-01-08 CVE-2018-5282 Out-of-bounds Write vulnerability in Kentico CMS
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document.
local
low complexity
kentico CWE-787
7.8
2018-01-08 CVE-2018-5259 Unspecified vulnerability in Discuz Discuzx X3.4
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
network
low complexity
discuz
8.8
2018-01-08 CVE-2018-5298 Inadequate Encryption Strength vulnerability in PG Oral-B APP 5.0.0
In the Procter & Gamble "Oral-B App" (aka com.pg.oralb.oralbapp) application 5.0.0 for Android, AES encryption with static parameters is used to secure the locally stored shared preferences.
network
low complexity
pg CWE-326
7.5