Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-22 | CVE-2016-10709 | OS Command Injection vulnerability in Pfsense 2.2.6: pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php. | 8.8 |
2018-01-22 | CVE-2018-5960 | SQL Injection vulnerability in Tribalsystems Zenario: Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | 8.8 |
2018-01-21 | CVE-2018-5958 | Improper Input Validation vulnerability in Zillya Zillya! Antivirus 3.0.2230.0: In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402424. | 7.8 |
2018-01-21 | CVE-2018-5957 | Improper Input Validation vulnerability in Zillya Zillya! Antivirus 3.0.2230.0: In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C40242C. | 7.8 |
2018-01-21 | CVE-2018-5956 | Improper Input Validation vulnerability in Zillya Zillya! Antivirus 3.0.2230.0: In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402414. | 7.8 |
2018-01-21 | CVE-2016-10708 | NULL Pointer Dereference vulnerability in multiple products: sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c. | 7.5 |
2018-01-20 | CVE-2017-15112 | Information Exposure vulnerability in Keycloak-Httpd-Client-Install Project Keycloak-Httpd-Client-Install: keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users. | 7.8 |
2018-01-20 | CVE-2017-15108 | spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. | 7.8 |
2018-01-20 | CVE-2017-12130 | NULL Pointer Dereference vulnerability in Tinysvcmdns Project Tinysvcmdns 20171105: An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. | 7.5 |
2018-01-19 | CVE-2017-14460 | Unspecified vulnerability in Parity Ethereum Client 1.7.8: An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. | 7.5 |