Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-24 | CVE-2017-3224 | Insufficient Verification of Data Authenticity vulnerability in multiple products Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. | 8.2 |
| 2018-07-24 | CVE-2017-3217 | Missing Authentication for Critical Function vulnerability in Calamp products CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text message) interface that can be deployed where no password is configured for this interface by the integrator / reseller. | 8.1 |
| 2018-07-24 | CVE-2017-3210 | Configuration vulnerability in multiple products Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. | 7.8 |
| 2018-07-24 | CVE-2017-3209 | Incorrect Default Permissions vulnerability in Dbpower U818A Firmware The DBPOWER U818A WIFI quadcopter drone provides FTP access over its own local access point, and allows full file permissions to the anonymous user. | 8.1 |
| 2018-07-24 | CVE-2017-3189 | Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. | 8.1 |
| 2018-07-24 | CVE-2017-3187 | Cross-Site Request Forgery (CSRF) vulnerability in Dotcms The dotCMS administration panel, versions 3.7.1 and earlier, are vulnerable to cross-site request forgery. | 8.8 |
| 2018-07-24 | CVE-2017-3183 | Incorrect Authorization vulnerability in Sage XRT Treasury 3.0 Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions. | 8.8 |
| 2018-07-24 | CVE-2016-5638 | Information Exposure vulnerability in Netgear Wndr4500 Firmware 1.0.1.401.0.6877 There are few web pages associated with the genie app on the Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877. | 7.5 |
| 2018-07-24 | CVE-2018-13386 | Argument Injection or Modification vulnerability in Atlassian Sourcetree There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. | 8.1 |
| 2018-07-24 | CVE-2018-10905 | OS Command Injection vulnerability in Redhat Cloudforms and Cloudforms Management Engine CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. | 7.8 |