Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-02 CVE-2018-12577 OS Command Injection vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16
The Ping and Traceroute features on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow authenticated blind Command Injection.
network
low complexity
tp-link CWE-78
8.8
2018-07-02 CVE-2018-12574 Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16
CSRF exists for all actions in the web interface on TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices.
network
low complexity
tp-link CWE-352
8.8
2018-07-02 CVE-2018-12529 Cross-Site Request Forgery (CSRF) vulnerability in Intex N150 Firmware
An issue was discovered on Intex N150 devices.
network
low complexity
intex CWE-352
8.8
2018-07-02 CVE-2018-12528 Unrestricted Upload of File with Dangerous Type vulnerability in Intex N150 Firmware
An issue was discovered on Intex N150 devices.
network
low complexity
intex CWE-434
8.1
2018-07-02 CVE-2018-12499 Improper Certificate Validation vulnerability in Motorola Mbp853 Firmware
The Motorola MBP853 firmware does not correctly validate server certificates.
network
high complexity
motorola CWE-295
7.4
2018-07-02 CVE-2018-13056 Improper Input Validation vulnerability in Zzcms 8.3
An issue was discovered on zzcms 8.3.
network
low complexity
zzcms CWE-20
7.5
2018-07-02 CVE-2018-13054 Link Following vulnerability in multiple products
An issue was discovered in Cinnamon 1.9.2 through 3.8.6.
network
low complexity
debian linuxmint CWE-59
8.1
2018-07-02 CVE-2018-8039 Improper Handling of Exceptional Conditions vulnerability in multiple products
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'.
network
high complexity
apache redhat CWE-755
8.1
2018-07-02 CVE-2018-10874 Unspecified vulnerability in Redhat products
In Ansible, it was found that inventory variables are loaded from the current working directory when running an ad-hoc command, and these are under the attacker's control, allowing arbitrary code to be run as a result.
local
low complexity
redhat
7.8
2018-07-02 CVE-2018-13049 SQL Injection vulnerability in Glpi-Project Glpi
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.
network
low complexity
glpi-project CWE-89
8.8