Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-03 CVE-2018-5080 Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020FC.
local
low complexity
k7computing CWE-20
7.8
2018-01-03 CVE-2018-5079 Improper Input Validation vulnerability in K7Computing Antivirus 15.1.0306
In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x83002130.
local
low complexity
k7computing CWE-20
7.8
2018-01-03 CVE-2017-1000485 Incorrect Permission Assignment for Critical Resource vulnerability in Nylas Mail Lives Project Nylas Mail 2.2.2
Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations.
local
low complexity
nylas-mail-lives-project CWE-732
7.8
2018-01-03 CVE-2017-1000473 OS Command Injection vulnerability in Linux-Dash Project Linux-Dash
Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed, resulting in code execution on the server, potentially as root.
local
low complexity
linux-dash-project CWE-78
7.8
2018-01-03 CVE-2017-1000470 Integer Overflow or Wraparound vulnerability in Embedthis Goahead web Server 4.0.0
EmbedThis GoAhead Webserver versions 4.0.0 and earlier are vulnerable to an integer overflow in the HTTP listener, resulting in denial of service.
network
low complexity
embedthis CWE-190
7.5
2018-01-03 CVE-2017-1000479 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set.
network
low complexity
opnsense-project netgate CWE-352
8.8
2018-01-03 CVE-2017-1000477 XXE vulnerability in Xmlbundle Project Xmlbundle 0.1.7
XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.
network
low complexity
xmlbundle-project CWE-611
7.5
2018-01-03 CVE-2017-1000489 Improper Authentication vulnerability in multiple products
Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using an email address.
network
high complexity
mautic acquia CWE-287
8.1
2018-01-03 CVE-2017-1000499 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyadmin
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness.
network
low complexity
phpmyadmin CWE-352
8.8
2018-01-03 CVE-2017-1000498 XXE vulnerability in Androidsvg Project Androidsvg 1.2.2
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component, resulting in denial of service and possibly remote code execution.
local
low complexity
androidsvg-project CWE-611
7.8