Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-23 | CVE-2018-11451 | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.80), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58). | 7.5 |
| 2018-07-23 | CVE-2018-14570 | Unrestricted Upload of File with Dangerous Type vulnerability in Niushop B2B2C Multi-Business 1.11 A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content. | 8.8 |
| 2018-07-23 | CVE-2018-14568 | Unspecified vulnerability in Suricata-Ids Suricata Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. | 7.5 |
| 2018-07-23 | CVE-2018-1999002 | A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to. | 7.5 |
| 2018-07-23 | CVE-2018-1999001 | A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. | 8.8 |
| 2018-07-23 | CVE-2018-1999023 | Code Injection vulnerability in Wesnoth the Battle for Wesnoth The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. | 8.8 |
| 2018-07-23 | CVE-2018-6683 | Incorrect Default Permissions vulnerability in Mcafee Data Loss Prevention Endpoint Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | 7.4 |
| 2018-07-23 | CVE-2018-1999011 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution. | 8.8 |
| 2018-07-23 | CVE-2018-1999009 | Information Exposure vulnerability in Octobercms October October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution. | 8.1 |
| 2018-07-23 | CVE-2018-14523 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in aubio 0.4.6. | 8.8 |