windows 7 vulnerabilities and exploits

10
HIGH
CVE-2018-0171

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected...

CiscoIos
NA
CVE-2018-5757

Rhino CVE Proof-of-Concept Exploits A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs. CVE-2018-1000110: User and Node Enumeration Through Jenkins Git Plugin <v3.7 CVE-2018-20621: MEmu Android Emulator Local...

4.9
MEDIUM
CVE-2018-8024

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to...

ApacheSparkMozillaFirefox
6.8
MEDIUM
CVE-2018-5758

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files....

AureaJive-n
7.2
HIGH
CVE-2018-20621

An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe service binary is vulnerable to local privilege escalation through binary planting due to insecure permissions set at install time. This allows code to be run as NT AUTHORITY/SYSTEM....

MicrovirtMemu
9.3
HIGH
CVE-2018-1335

From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to...

ApacheTika
5
MEDIUM
CVE-2018-1000110

An improper authorization vulnerability exists in Jenkins Git Plugin version 3.7.0 and earlier in GitStatus.java that allows an attacker with network access to obtain a list of nodes and users....

JenkinsGit
10
HIGH
CVE-2016-3714

The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."...

ImagemagickImagemagickCanonicalUbuntu Linux
4.3
MEDIUM
CVE-2017-8295

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be...

WordpressWordpress
6.5
MEDIUM
CVE-2018-12613

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for...

PhpmyadminPhpmyadmin