Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-25 | CVE-2018-14559 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda Ac10 Firmware, AC7 Firmware and AC9 Firmware An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). | 7.8 |
2019-04-25 | CVE-2018-14557 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tenda Ac10 Firmware, AC7 Firmware and AC9 Firmware An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). | 7.8 |
2019-04-25 | CVE-2018-18286 | SQL Injection vulnerability in Mitel CMG Suite 8.4 SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd interface. | 7.5 |
2019-04-25 | CVE-2019-9139 | Integer Overflow or Wraparound vulnerability in Datools Daviewindy DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. | 7.8 |
2019-04-25 | CVE-2017-16558 | SQL Injection vulnerability in Contao CMS Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module. | 7.5 |
2019-04-25 | CVE-2018-20053 | Unspecified vulnerability in Cerner Connectivity Engine 4 Firmware An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. | 7.5 |
2019-04-25 | CVE-2018-20052 | Insecure Default Initialization of Resource vulnerability in Cerner Connectivity Engine 4 Firmware An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. | 7.2 |
2019-04-25 | CVE-2019-9900 | Injection vulnerability in multiple products When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). | 8.3 |
2019-04-25 | CVE-2019-3900 | Infinite Loop vulnerability in multiple products An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). | 7.7 |
2019-04-25 | CVE-2018-20823 | Improper Input Validation vulnerability in MI 5S Firmware The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack. | 7.5 |