Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-24 CVE-2017-3224 Insufficient Verification of Data Authenticity vulnerability in multiple products
Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber.
high complexity
quagga suse redhat CWE-345
8.2
2018-07-24 CVE-2017-3217 Missing Authentication for Critical Function vulnerability in Calamp products
CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller.
network
high complexity
calamp CWE-306
8.1
2018-07-24 CVE-2017-3210 Configuration vulnerability in multiple products
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution.
local
low complexity
portrait fujitsu hp philips CWE-16
7.8
2018-07-24 CVE-2017-3209 Incorrect Default Permissions vulnerability in Dbpower U818A Firmware
The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user.
low complexity
dbpower CWE-276
8.1
2018-07-24 CVE-2017-3189 Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms
The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload.
network
high complexity
dotcms CWE-434
8.1
2018-07-24 CVE-2017-3187 Cross-Site Request Forgery (CSRF) vulnerability in Dotcms
The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery.
network
low complexity
dotcms CWE-352
8.8
2018-07-24 CVE-2017-3183 Incorrect Authorization vulnerability in Sage XRT Treasury 3.0
Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions.
network
low complexity
sage CWE-863
8.8
2018-07-24 CVE-2016-5638 Information Exposure vulnerability in Netgear Wndr4500 Firmware 1.0.1.401.0.6877
There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877.
network
low complexity
netgear CWE-200
7.5
2018-07-24 CVE-2018-13386 Argument Injection or Modification vulnerability in Atlassian Sourcetree
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories.
network
high complexity
atlassian CWE-88
8.1
2018-07-24 CVE-2018-10905 OS Command Injection vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms.
local
low complexity
redhat CWE-78
7.8