Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-08-24 | CVE-2017-11564 | Out-of-bounds Write vulnerability in Dlink Eyeon Baby Monitor Firmware 1.08.1 | The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. | network | low | dlink | CWE-787 | 8.8 |
| 2018-08-24 | CVE-2018-1699 | SQL Injection vulnerability in IBM Maximo Asset Management | IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to SQL injection. | network | low | ibm | CWE-89 | 8.8 |
| 2018-08-24 | CVE-2018-3909 | HTTP Request Smuggling vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | network | low | samsung | CWE-444 | 8.6 |
| 2018-08-23 | CVE-2018-15822 | Reachable Assertion vulnerability in multiple products | The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | network | low | ffmpeg, debian, canonical | CWE-617 | 7.5 |
| 2018-08-23 | CVE-2018-3911 | HTTP Response Splitting vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 | An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | network | low | samsung | CWE-113 | 8.6 |
| 2018-08-23 | CVE-2018-15807 | Use of Insufficiently Random Values vulnerability in Posim EVO 15.13 | POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. | local | low | posim | CWE-330 | 7.8 |
| 2018-08-23 | CVE-2018-14797 | Uncontrolled Search Path Element vulnerability in Emerson Deltav | Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary code execution. | local | low | emerson | CWE-427 | 7.8 |
| 2018-08-23 | CVE-2018-14791 | Improper Privilege Management vulnerability in Emerson Deltav | Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. | local | low | emerson | CWE-269 | 7.8 |
| 2018-08-23 | CVE-2018-1156 | Out-of-bounds Write vulnerability in Mikrotik Routeros | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. | network | low | mikrotik | CWE-787 | 8.8 |
| 2018-08-23 | CVE-2003-1605 | Credentials Management vulnerability in Haxx Curl | curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. | network | low | haxx | CWE-255 | 7.5 |