Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-08-17 | CVE-2018-6622 | Unspecified vulnerability in Trustedcomputinggroup Trusted Platform Module 2.0 An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. | 7.1 |
2018-08-17 | CVE-2018-15471 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. | 7.8 |
2018-08-17 | CVE-2018-14057 | Cross-Site Request Forgery (CSRF) vulnerability in Pimcore Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. | 8.8 |
2018-08-17 | CVE-2018-15360 | Use of Hard-coded Credentials vulnerability in Eltex Esp-200 Firmware 1.2.0 An attacker without authentication can log in with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. | 7.3 |
2018-08-17 | CVE-2018-15359 | Unspecified vulnerability in Eltex Esp-200 Firmware 1.2.0 An authenticated attacker with low privileges can use an insecure sudo configuration to expand the attack surface in Eltex ESP-200 firmware version 1.2.0. | 8.8 |
2018-08-17 | CVE-2018-15358 | Improper Input Validation vulnerability in Eltex Esp-200 Firmware 1.2.0 An authenticated attacker with low privileges can activate a high-privileged user and use it to expand the attack surface in Eltex ESP-200 firmware version 1.2.0. | 8.8 |
2018-08-17 | CVE-2018-15356 | Command Injection vulnerability in Eltex Esp-200 Firmware 1.2.0 An authenticated attacker can execute arbitrary code using command injection in Eltex ESP-200 firmware version 1.2.0. | 8.8 |
2018-08-17 | CVE-2018-15354 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kraftway 24F2Xg Router Firmware 3.5.30.1118 A buffer overflow exploited through the web interface by a remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. | 7.5 |
2018-08-17 | CVE-2018-5547 | Missing Authorization vulnerability in F5 Big-Ip Access Policy Manager Client 7.1.6/7.1.6.1/7.1.7 The Windows Logon Integration feature of the F5 BIG-IP APM client prior to version 7.1.7.1 for Windows uses Legacy logon mode by default, which uses a SYSTEM account to establish network access. | 7.8 |
2018-08-17 | CVE-2018-5546 | Incorrect Permission Assignment for Critical Resource vulnerability in F5 products The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS run as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. | 7.8 |