v.26.4.2314

Critical Severity Vulnerabilities

Found 1593 vulnerabilities at Critical severity.

Vulnerability Name

CVE

CWE

Severity

Apache Tomcat Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-5648)

CVE-2017-5648

CWE-668

Critical

Apache Tomcat CVE-2017-5651 Vulnerability (CVE-2017-5651)

CVE-2017-5651

-

Critical

ReviveAdserver Deserialization of Untrusted Data Vulnerability (CVE-2017-5830)

CVE-2017-5830

CWE-502

Critical

Atlassian Jira Deserialization of Untrusted Data Vulnerability (CVE-2017-5983)

CVE-2017-5983

CWE-502

Critical

Drupal Data Processing Errors Vulnerability (CVE-2017-6920)

CVE-2017-6920

-

Critical

Drupal CVE-2017-6925 Vulnerability (CVE-2017-6925)

CVE-2017-6925

-

Critical

Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7269)

CVE-2017-7269

CWE-119

Critical

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)

CVE-2017-7321

CWE-94

Critical

MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)

CVE-2017-7324

CWE-94

Critical

Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7464)

CVE-2017-7464

CWE-611

Critical

Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7465)

CVE-2017-7465

CWE-94

Critical

Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7503)

CVE-2017-7503

CWE-611

Critical

Jboss Deserialization of Untrusted Data Vulnerability (CVE-2017-7504)

CVE-2017-7504

CWE-502

Critical

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-7525)

CVE-2017-7525

CWE-502

Critical

PostgreSQL Improper Authentication Vulnerability (CVE-2017-7546)

CVE-2017-7546

CWE-287

Critical

Jetty Integer Overflow or Wraparound Vulnerability (CVE-2017-7657)

CVE-2017-7657

CWE-190

Critical

Jetty Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7658)

CVE-2017-7658

CWE-444

Critical

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7679)

CVE-2017-7679

CWE-119

Critical

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7886)

CVE-2017-7886

CWE-138

Critical

Dolibarr Inadequate Encryption Strength Vulnerability (CVE-2017-7888)

CVE-2017-7888

CWE-326

Critical

Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-8807)

CVE-2017-8807

CWE-119

Critical

MediaWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-8809)

CVE-2017-8809

CWE-138

Critical

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-8917)

CVE-2017-8917

CWE-138

Critical

PHP Improper Input Validation Vulnerability (CVE-2017-8923)

CVE-2017-8923

CWE-20

Critical

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2017-9119)

CVE-2017-9119

CWE-400

Critical

PHP Integer Overflow or Wraparound Vulnerability (CVE-2017-9120)

CVE-2017-9120

CWE-190

Critical

PHP Out-of-bounds Read Vulnerability (CVE-2017-9224)

CVE-2017-9224

CWE-125

Critical

PHP Out-of-bounds Write Vulnerability (CVE-2017-9226)

CVE-2017-9226

CWE-787

Critical

PHP Out-of-bounds Read Vulnerability (CVE-2017-9227)

CVE-2017-9227

CWE-125

Critical

PHP Out-of-bounds Write Vulnerability (CVE-2017-9228)

CVE-2017-9228

CWE-787

Critical

Telerik Web UI Insufficiently Protected Credentials Vulnerability (CVE-2017-9248)

CVE-2017-9248

CWE-522

Critical

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9435)

CVE-2017-9435

CWE-138

Critical

ProjectSend Improper Input Validation Vulnerability (CVE-2017-9741)

CVE-2017-9741

CWE-20

Critical

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-9788)

CVE-2017-9788

CWE-20

Critical

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788)

CVE-2017-9788

CWE-200

Critical

RubyGems Improper Verification of Cryptographic Signature Vulnerability (CVE-2018-1000076)

CVE-2018-1000076

CWE-347

Critical

WebLogic Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2018-1000613)

CVE-2018-1000613

CWE-470

Critical

Python Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2018-1000802)

CVE-2018-1000802

CWE-138

Critical

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1000861)

CVE-2018-1000861

CWE-502

Critical

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-10094)

CVE-2018-10094

CWE-138

Critical

Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2018-11325)

CVE-2018-11325

CWE-209

Critical

Phusion Passenger Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-12026)

CVE-2018-12026

CWE-59

Critical

PHP Use After Free Vulnerability (CVE-2018-12882)

CVE-2018-12882

CWE-416

Critical

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13447)

CVE-2018-13447

CWE-138

Critical

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13448)

CVE-2018-13448

CWE-138

Critical

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13449)

CVE-2018-13449

CWE-138

Critical

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13450)

CVE-2018-13450

CWE-138

Critical

PrestaShop CVE-2018-13784 Vulnerability (CVE-2018-13784)

CVE-2018-13784

-

Critical

GlassFish Use of Hard-coded Credentials Vulnerability (CVE-2018-14324)

CVE-2018-14324

CWE-798

Critical

Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2018-14719)

CVE-2018-14719

CWE-502

Critical

Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2018-14720)

CVE-2018-14720

CWE-502

Critical

Jboss EAP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-14721)

CVE-2018-14721

CWE-918

Critical

Grafana Improper Authentication Vulnerability (CVE-2018-15727)

CVE-2018-15727

CWE-287

Critical

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-15882)

CVE-2018-15882

CWE-434

Critical

Ruby CVE-2018-16395 Vulnerability (CVE-2018-16395)

CVE-2018-16395

-

Critical

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16809)

CVE-2018-16809

CWE-138

Critical

PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16850)

CVE-2018-16850

CWE-138

Critical

LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2018-17057)

CVE-2018-17057

CWE-502

Critical

Perl Out-of-bounds Write Vulnerability (CVE-2018-18311)

CVE-2018-18311

CWE-787

Critical

Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-18312)

CVE-2018-18312

CWE-119

Critical

Perl Out-of-bounds Read Vulnerability (CVE-2018-18313)

CVE-2018-18313

CWE-125

Critical

Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-18314)

CVE-2018-18314

CWE-119

Critical

Vanilla Forums Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18903)

CVE-2018-18903

CWE-94

Critical

Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1999019)

CVE-2018-1999019

CWE-94

Critical

PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19126)

CVE-2018-19126

CWE-434

Critical

PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19355)

CVE-2018-19355

CWE-434

Critical

Artifactory Insufficient Verification of Data Authenticity Vulnerability (CVE-2018-19971)

CVE-2018-19971

CWE-345

Critical

PostgreSQL Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1115)

CVE-2018-1115

CWE-732

Critical

Apache HTTP Server Improper Authentication Vulnerability (CVE-2018-1312)

CVE-2018-1312

CWE-287

Critical

IBM WebSEAL CVE-2018-1722 Vulnerability (CVE-2018-1722)

CVE-2018-1722

-

Critical

WordPress Deserialization of Untrusted Data Vulnerability (CVE-2018-20148)

CVE-2018-20148

CWE-502

Critical

CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-20716)

CVE-2018-20716

CWE-138

Critical

WP Plugin Contact Form 7 CVE-2018-20979 Vulnerability (CVE-2018-20979)

CVE-2018-20979

-

Critical

Caddy Web Server Improper Authentication Vulnerability (CVE-2018-21246)

CVE-2018-21246

CWE-287

Critical

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-2628)

CVE-2018-2628

CWE-502

Critical