Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-01-09 | CVE-2015-1290 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products | The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. | 8.8 |
2018-01-09 | CVE-2018-2363 | Code Injection vulnerability in SAP products | SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. | 8.8 |
2018-01-09 | CVE-2018-2361 | Incorrect Authorization vulnerability in SAP Solution Manager 7.20 | In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. | 8.8 |
2018-01-09 | CVE-2018-2360 | Missing Authentication for Critical Function vulnerability in SAP Kernel 7.45/7.49/7.52 | SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an authentication check for functionalities that require user identity and cause consumption of file system storage. | 7.5 |
2018-01-09 | CVE-2018-5308 | NULL Pointer Dereference vulnerability in PoDoFo Project PoDoFo 0.9.5 | PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). | 7.8 |
2018-01-09 | CVE-2012-3353 | Information Exposure vulnerability in Apache Sling JCR ContentLoader 2.1.4 | The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. | 7.5 |
2018-01-08 | CVE-2015-2319 | Improper Certificate Validation vulnerability in Mono-Project Mono | The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | 7.5 |
2018-01-08 | CVE-2015-2318 | Improper Certificate Validation vulnerability in multiple products | The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | 8.1 |
2018-01-08 | CVE-2014-2071 | Permissions, Privileges, and Access Controls vulnerability in Aruba Networks ClearPass | Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | 7.1 |
2018-01-08 | CVE-2013-4364 | Link Following vulnerability in Red Hat OpenShift 1.0/2.0 | (1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp. | 7.8 |