Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-06 | CVE-2018-7092 | Path Traversal vulnerability in HP Intelligent Management Center 7.3 A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. | 7.5 |
| 2018-08-06 | CVE-2018-7078 | Unspecified vulnerability in HP products A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. | 7.2 |
| 2018-08-06 | CVE-2018-7069 | Improper Authentication vulnerability in HP Centralview Fraud Risk Management HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. | 7.5 |
| 2018-08-06 | CVE-2018-7060 | Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. | 8.8 |
| 2018-08-06 | CVE-2018-7059 | Improper Input Validation vulnerability in HP Aruba Clearpass Policy Manager Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. | 8.8 |
| 2018-08-06 | CVE-2018-5390 | Resource Exhaustion vulnerability in multiple products Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | 7.5 |
| 2018-08-06 | CVE-2018-14716 | Code Injection vulnerability in Nystudio107 Seomatic A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code. | 7.5 |
| 2018-08-06 | CVE-2018-13877 | Improper Input Validation vulnerability in Megacryptopolis The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. | 7.5 |
| 2018-08-06 | CVE-2017-9003 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HPE Arubaos Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. | 7.5 |
| 2018-08-06 | CVE-2017-9001 | Unspecified vulnerability in HP Aruba Clearpass Policy Manager Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH. | 8.1 |