Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-10 CVE-2018-11048 XXE vulnerability in Dell products
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API.
network
low complexity
dell CWE-611
8.1
2018-08-10 CVE-2018-14785 Information Exposure vulnerability in Netcommwireless Nwl-25 Firmware 2.0.29.11
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior.
network
low complexity
netcommwireless CWE-200
7.5
2018-08-10 CVE-2018-14783 Cross-Site Request Forgery (CSRF) vulnerability in Netcommwireless Nwl-25 Firmware 2.0.29.11
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior.
network
low complexity
netcommwireless CWE-352
8.8
2018-08-10 CVE-2018-14782 Improper Authentication vulnerability in Netcommwireless Nwl-25 Firmware 2.0.29.11
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior.
network
low complexity
netcommwireless CWE-287
7.5
2018-08-10 CVE-2018-13341 Unspecified vulnerability in Crestron MC3 Firmware and Tsw-X60 Firmware
Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges.
network
low complexity
crestron
8.8
2018-08-10 CVE-2018-10622 Insufficiently Protected Credentials vulnerability in Medtronic products
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor.
high complexity
medtronic CWE-522
7.1
2018-08-10 CVE-2018-14028 Unrestricted Upload of File with Dangerous Type vulnerability in Wordpress 4.9.7
In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files.
network
low complexity
wordpress CWE-434
7.2
2018-08-10 CVE-2018-11492 Unspecified vulnerability in Asus Hg100 Firmware
ASUS HG100 devices allow denial of service via an IPv4 packet flood.
network
low complexity
asus
7.5
2018-08-10 CVE-2018-6553 The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links.
local
low complexity
debian canonical cups
8.8
2018-08-10 CVE-2018-15187 Cross-Site Request Forgery (CSRF) vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script 4.0.9
PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php.
8.0