Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-27 | CVE-2018-3918 | Improper Enforcement of Message or Data Structure vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17: An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 7.5 |
2018-08-27 | CVE-2018-3893 | Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17: An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 8.8 |
2018-08-27 | CVE-2018-15887 | OS Command Injection vulnerability in Asus Dsl-N12E C1 Firmware 1.1.2.3345: Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request. | 8.8 |
2018-08-27 | CVE-2018-15810 | Path Traversal vulnerability in Visiology Flipbox 2.0.0/2.6.0: Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters. | 7.5 |
2018-08-27 | CVE-2018-15694 | Path Traversal vulnerability in Asustor Data Master: ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. | 7.5 |
2018-08-27 | CVE-2018-15895 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms: An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. | 7.5 |
2018-08-26 | CVE-2018-15885 | Improper Input Validation vulnerability in Ovation Findme 1.410831: Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. | 7.5 |
2018-08-26 | CVE-2018-15877 | OS Command Injection vulnerability in Plainview Activity Monitor Project Plainview Activity Monitor: The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. | 8.8 |
2018-08-25 | CVE-2018-15857 | Use After Free vulnerability in multiple products: An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file. | 7.8 |
2018-08-25 | CVE-2018-15851 | Cross-Site Request Forgery (CSRF) vulnerability in Flexocms Project Flexo CMS 0.1.6: An issue was discovered in Flexo CMS v0.1.6. | 8.8 |