Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-26 CVE-2017-7558 A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13.
network
low complexity
linux debian
7.5
2018-07-26 CVE-2017-7539 An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined.
network
low complexity
qemu redhat
7.5
2018-07-26 CVE-2017-7537 It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4.
network
low complexity
redhat dogtagpki
7.5
2018-07-26 CVE-2017-7530 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users.
network
low complexity
redhat
8.8
2018-07-25 CVE-2018-8090 Uncontrolled Search Path Element vulnerability in Quickheal Antivirus Pro, Internet Security and Total Security
Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading.
local
low complexity
quickheal CWE-427
7.8
2018-07-25 CVE-2018-14083 Information Exposure vulnerability in Lica Minicmts E8K Firmware
LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive information via a direct POST request for the inc/user.ini file, leading to discovery of a password hash.
network
low complexity
lica CWE-200
7.5
2018-07-25 CVE-2018-5240 Unspecified vulnerability in Symantec Inventory 8.0/8.1
The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
low complexity
symantec
8.0
2018-07-25 CVE-2017-10937 SQL Injection vulnerability in ZTE Zxiptv-Ucm Firmware
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
network
low complexity
zte CWE-89
7.5
2018-07-25 CVE-2017-10936 SQL Injection vulnerability in ZTE Zxcdn-Sns Firmware
SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
network
low complexity
zte CWE-89
7.5
2018-07-25 CVE-2017-10935 Unspecified vulnerability in ZTE Zxr10 1800-2S Firmware 3.00.40
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password.
network
low complexity
zte
7.2