Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-08-06 CVE-2018-7092 Path Traversal vulnerability in HP Intelligent Management Center 7.3
A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09.
network
low complexity
hp CWE-22
7.5
2018-08-06 CVE-2018-7078 Unspecified vulnerability in HP products
A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30.
network
low complexity
hp
7.2
2018-08-06 CVE-2018-7069 Improper Authentication vulnerability in HP Centralview Fraud Risk Management
HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1.
network
low complexity
hp CWE-287
7.5
2018-08-06 CVE-2018-7060 Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass
Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users.
network
low complexity
arubanetworks CWE-352
8.8
2018-08-06 CVE-2018-7059 Improper Input Validation vulnerability in HP Aruba Clearpass Policy Manager
Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions.
network
low complexity
hp CWE-20
8.8
2018-08-06 CVE-2018-5390 Resource Exhaustion vulnerability in multiple products
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
7.5
2018-08-06 CVE-2018-14716 Code Injection vulnerability in Nystudio107 Seomatic
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
network
low complexity
nystudio107 CWE-94
7.5
2018-08-06 CVE-2018-13877 Improper Input Validation vulnerability in Megacryptopolis
The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability.
network
low complexity
megacryptopolis CWE-20
7.5
2018-08-06 CVE-2017-9003 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HPE Arubaos
Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes.
network
low complexity
hpe CWE-119
7.5
2018-08-06 CVE-2017-9001 Unspecified vulnerability in HP Aruba Clearpass Policy Manager
Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout", which causes ClearPass to lock accounts with too many login failures through SSH.
network
high complexity
hp
8.1