Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-07 | CVE-2018-16663 | Out-of-bounds Write vulnerability in Contiki-Ng Contiki-Ng. An issue was discovered in Contiki-NG through 4.1. | 7.8 |
| 2018-09-07 | CVE-2016-9044 | Command Injection vulnerability in Informationbuilders Webfocus 8.1 An exploitable command execution vulnerability exists in Information Builders WebFOCUS Business Intelligence Portal 8.1 . | 8.8 |
| 2018-09-07 | CVE-2017-2795 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Marklogic 8.06 An exploitable heap corruption vulnerability exists in the Txo functionality of Antenna House DMC HTMLFilter as used by MarkLogic 8.0-6. | 8.6 |
| 2018-09-07 | CVE-2018-4010 | OS Command Injection vulnerability in Protonvpn 1.5.1 An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. | 7.8 |
| 2018-09-07 | CVE-2018-3952 | OS Command Injection vulnerability in Nordvpn 6.14.28.0 An exploitable code execution vulnerability exists in the connect functionality of NordVPN 6.14.28.0. | 8.8 |
| 2018-09-07 | CVE-2018-1756 | SQL Injection vulnerability in IBM Security Identity Governance and Intelligence 5.2.3.2/5.2.4 IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 is vulnerable to SQL injection. | 7.5 |
| 2018-09-07 | CVE-2018-0663 | Use of Hard-coded Credentials vulnerability in Iodata products Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. | 8.8 |
| 2018-09-07 | CVE-2018-0661 | Unspecified vulnerability in Iodata products Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration. low complexity iodata | 8.8 |
| 2018-09-07 | CVE-2018-0658 | Improper Input Validation vulnerability in multiple products Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier allows an attacker with administrative rights to execute arbitrary PHP code on the server via unspecified vectors. | 7.2 |
| 2018-09-07 | CVE-2018-0650 | Improper Certificate Validation vulnerability in Linecorp Line Music 3.1.0 The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 7.4 |