Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-22 | CVE-2018-12642 | Incorrect Permission Assignment for Critical Resource vulnerability in Froxlor. Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | 7.5 |
2018-06-22 | CVE-2018-12635 | Improper Input Validation vulnerability in Circontrol Scada 4.2.4. CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. | 7.5 |
2018-06-21 | CVE-2018-12631 | Path Traversal vulnerability in Redatam. Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. | 7.5 |
2018-06-21 | CVE-2018-12613 | Improper Authentication vulnerability in phpMyAdmin 4.8.0/4.8.0.1/4.8.1. An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. | 8.8 |
2018-06-21 | CVE-2018-7683 | Information Exposure Through Log Files vulnerability in Micro Focus Solutions Business Manager. Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. | 7.5 |
2018-06-21 | CVE-2018-12617 | Integer Overflow or Wraparound vulnerability in multiple products. qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. | 7.5 |
2018-06-21 | CVE-2017-2672 | Improper Privilege Management vulnerability in multiple products. A flaw was found in foreman before version 1.15 in the logging of adding and registering images. | 8.8 |
2018-06-21 | CVE-2017-2669 | Improper Input Validation vulnerability in multiple products. Dovecot before version 2.2.29 is vulnerable to a denial of service. | 7.5 |
2018-06-21 | CVE-2018-0365 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco products. A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |
2018-06-21 | CVE-2018-0364 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager. A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. | 8.8 |