Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-31 | CVE-2018-5543 | Insufficiently Protected Credentials vulnerability in F5 Big-Ip Controller: The F5 BIG-IP Controller for Kubernetes 1.0.0-1.5.0 (k8s-bigip-ctlr) passes BIG-IP username and password as command line parameters, which may lead to disclosure of the credentials used by the container. | 8.8 |
2018-07-31 | CVE-2018-14581 | Improper Input Validation vulnerability in Red-Gate .Net Reflector and Smartassembly: Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded resource file. | 7.8 |
2018-07-31 | CVE-2018-14533 | Unspecified vulnerability in Intenogroup Iopsys Firmware: read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp. | 7.8 |
2018-07-31 | CVE-2018-12942 | SQL Injection vulnerability in Seeddms: SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. | 8.8 |
2018-07-31 | CVE-2018-12941 | Improper Input Validation vulnerability in Seeddms: This vulnerability allows remote attackers to execute arbitrary code in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 by adding a system command at the end of the "cacheDir" path and following usage of the "Clear Cache" functionality. | 8.8 |
2018-07-31 | CVE-2018-12940 | Unrestricted Upload of File with Dangerous Type vulnerability in Seeddms: Unrestricted file upload vulnerability in "op/op.UploadChunks.php" in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension specified by the "qqfile" parameter. | 8.8 |
2018-07-31 | CVE-2018-11338 | Cleartext Transmission of Sensitive Information vulnerability in Intuit Lacerte: Intuit Lacerte 2017 for Windows in a client/server environment transfers the entire customer list in cleartext over SMB, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. | 7.5 |
2018-07-31 | CVE-2017-17707 | Missing Authorization vulnerability in Pleasantsolutions Pleasant Password Server: Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. | 8.1 |
2018-07-31 | CVE-2018-8020 | Improper Certificate Validation vulnerability in multiple products: Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. | 7.4 |
2018-07-31 | CVE-2018-8019 | Improper Certificate Validation vulnerability in multiple products: When using an OCSP responder, Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. | 7.4 |