Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-23 CVE-2018-11451 Improper Input Validation vulnerability in Siemens products
A vulnerability has been identified in Firmware variant IEC 61850 for EN100 Ethernet module (All versions < V4.33), Firmware variant PROFINET IO for EN100 Ethernet module (All versions), Firmware variant Modbus TCP for EN100 Ethernet module (All versions), Firmware variant DNP3 TCP for EN100 Ethernet module (All versions), Firmware variant IEC104 for EN100 Ethernet module (All versions < V1.22), SIPROTEC 5 relays with CPU variants CP300 and CP100 and the respective Ethernet communication modules (All versions < V7.80), SIPROTEC 5 relays with CPU variants CP200 and the respective Ethernet communication modules (All versions < V7.58).
network
low complexity
siemens CWE-20
7.5
2018-07-23 CVE-2018-14570 Unrestricted Upload of File with Dangerous Type vulnerability in Niushop B2B2C Multi-Business 1.11
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profile avatar field, by using an image Content-Type (e.g., image/jpeg) with a modified filename and file content.
network
low complexity
niushop CWE-434
8.8
2018-07-23 CVE-2018-14568 Unspecified vulnerability in Suricata-Ids Suricata
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server.
network
low complexity
suricata-ids
7.5
2018-07-23 CVE-2018-1999002 A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
network
low complexity
jenkins oracle
7.5
2018-07-23 CVE-2018-1999001 A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory.
network
low complexity
jenkins oracle
8.8
2018-07-23 CVE-2018-1999023 Code Injection vulnerability in Wesnoth the Battle for Wesnoth
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox.
network
low complexity
wesnoth CWE-94
8.8
2018-07-23 CVE-2018-6683 Incorrect Default Permissions vulnerability in Mcafee Data Loss Prevention Endpoint
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
low complexity
mcafee CWE-276
7.4
2018-07-23 CVE-2018-1999011 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg
FFmpeg before commit 2b46ebdbff1d8dec7a3d8ea280a612b91a582869 contains a Buffer Overflow vulnerability in asf_o format demuxer that can result in heap-buffer-overflow that may result in remote code execution.
network
low complexity
ffmpeg CWE-119
8.8
2018-07-23 CVE-2018-1999009 Information Exposure vulnerability in Octobercms October
October CMS version prior to Build 437 contains a Local File Inclusion vulnerability in modules/system/traits/ViewMaker.php#244 (makeFileContents function) that can result in Sensitive information disclosure and remote code execution.
network
high complexity
octobercms CWE-200
8.1
2018-07-23 CVE-2018-14523 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in aubio 0.4.6.
network
low complexity
aubio opensuse suse CWE-125
8.8