Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-31 | CVE-2018-11136 | SQL Injection vulnerability in Quest Kace System Management Appliance 8.0.318 The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type). | 7.5 |
| 2018-05-31 | CVE-2018-11135 | Unspecified vulnerability in Quest Kace System Management Appliance 8.0.318 The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. | 8.8 |
| 2018-05-31 | CVE-2018-9322 | Protection Mechanism Failure vulnerability in BMW Head Unit HU NBT Firmware The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. | 7.2 |
| 2018-05-31 | CVE-2018-9320 | Protection Mechanism Failure vulnerability in BMW Head Unit HU NBT Firmware The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. | 7.2 |
| 2018-05-31 | CVE-2018-9314 | Protection Mechanism Failure vulnerability in BMW Head Unit HU NBT Firmware The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows an attack by an attacker who has direct physical access. | 7.2 |
| 2018-05-31 | CVE-2018-9312 | Protection Mechanism Failure vulnerability in BMW Head Unit HU NBT Firmware The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in. | 7.2 |
| 2018-05-31 | CVE-2018-11576 | Out-of-bounds Read vulnerability in Miniupnp Project Ngiflib 0.4 ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. | 7.5 |
| 2018-05-31 | CVE-2018-11575 | Out-of-bounds Write vulnerability in Miniupnp Project Ngiflib 0.4 ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg. | 7.5 |
| 2018-05-30 | CVE-2018-11482 | Use of Hard-coded Credentials vulnerability in Tp-Link products /usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. | 7.5 |
| 2018-05-30 | CVE-2018-11556 | Out-of-bounds Write vulnerability in Littlecms Little CMS 2.9 tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. | 7.8 |