Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-21 | CVE-2018-1711 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. | 7.8 |
2018-09-21 | CVE-2018-1710 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 10.1/10.5/11.1: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. | 7.8 |
2018-09-21 | CVE-2018-14645 | Out-of-bounds Read vulnerability in multiple products: A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. | 7.5 |
2018-09-21 | CVE-2018-17297 | Path Traversal vulnerability in Hutool: The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive. | 7.5 |
2018-09-21 | CVE-2018-17293 | NULL Pointer Dereference vulnerability in Webassembly Virtual Machine Project Webassembly Virtual Machine: An issue was discovered in WAVM before 2018-09-16. | 8.8 |
2018-09-21 | CVE-2018-17283 | SQL Injection vulnerability in Zohocorp Manageengine Opmanager: Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL Injection attack via the /api/json/device/setManaged name parameter. | 7.5 |
2018-09-20 | CVE-2018-16752 | Insecure Default Initialization of Resource vulnerability in Linknet-Usa Lw-N605R Firmware 12.20.2.1486: LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. | 8.8 |
2018-09-20 | CVE-2018-16282 | OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.2: A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privilege via the caname parameter to the /xml/net_WebCADELETEGetValue URI. | 8.8 |
2018-09-20 | CVE-2018-15832 | Improper Input Validation vulnerability in Ubisoft Uplay 63.0.5699.0: upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. | 8.8 |
2018-09-20 | CVE-2018-6505 | Unspecified vulnerability in HP Arcsight Management Center 2.0/2.9.1: A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. | 7.5 |