Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-03 | CVE-2018-5080 | Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306 In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC. | 7.8 |
| 2018-01-03 | CVE-2018-5079 | Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306 In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130. | 7.8 |
| 2018-01-03 | CVE-2017-1000485 | Incorrect Permission Assignment for Critical Resource vulnerability in Nylas Mail Lives Project Nylas Mail 2.2.2 Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations. | 7.8 |
| 2018-01-03 | CVE-2017-1000473 | OS Command Injection vulnerability in Linux-Dash Project Linux-Dash Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root. | 7.8 |
| 2018-01-03 | CVE-2017-1000470 | Integer Overflow or Wraparound vulnerability in Embedthis Goahead web Server 4.0.0 EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service. | 7.5 |
| 2018-01-03 | CVE-2017-1000479 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. | 8.8 |
| 2018-01-03 | CVE-2017-1000477 | XXE vulnerability in Xmlbundle Project Xmlbundle 0.1.7 XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks. | 7.5 |
| 2018-01-03 | CVE-2017-1000489 | Improper Authentication vulnerability in multiple products Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address | 8.1 |
| 2018-01-03 | CVE-2017-1000499 | Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. | 8.8 |
| 2018-01-03 | CVE-2017-1000498 | XXE vulnerability in Androidsvg Project Androidsvg 1.2.2 AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution | 7.8 |