Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-25 CVE-2017-10937 SQL Injection vulnerability in ZTE ZXIPTV-UCM Firmware
SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information.
network
low complexity
zte CWE-89
7.5
2018-07-25 CVE-2017-10936 SQL Injection vulnerability in ZTE ZXCDN-SNS Firmware
SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information.
network
low complexity
zte CWE-89
7.5
2018-07-25 CVE-2017-10935 Unspecified vulnerability in ZTE ZXR10 1800-2S Firmware 3.00.40
All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other users' passwords.
network
low complexity
zte
7.2
2018-07-25 CVE-2018-5542 Improper Input Validation vulnerability in F5 products
F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.6, or 11.2.1-11.6.3.2 HTTPS health monitors do not validate the identity of the monitored server.
network
high complexity
f5 CWE-20
8.1
2018-07-25 CVE-2018-5541 Resource Exhaustion vulnerability in F5 BIG-IP Application Security Manager
When F5 BIG-IP ASM 13.0.0-13.1.0.1, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.5.1-11.5.6 is processing HTTP requests, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process.
network
low complexity
f5 CWE-400
7.5
2018-07-25 CVE-2018-5539 Unspecified vulnerability in F5 BIG-IP Application Security Manager
Under certain conditions, on F5 BIG-IP ASM 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, 11.5.1-11.5.6, or 11.2.1, when processing CSRF protections, the BIG-IP ASM bd process may restart and produce a core file.
network
low complexity
f5
7.5
2018-07-25 CVE-2018-5536 Missing Release of Resource after Effective Lifetime vulnerability in F5 BIG-IP Access Policy Manager
A remote attacker, via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module.
network
low complexity
f5 CWE-772
7.5
2018-07-25 CVE-2018-5531 Improper Input Validation vulnerability in F5 products
Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems.
low complexity
f5 CWE-20
7.4
2018-07-25 CVE-2018-5530 Resource Exhaustion vulnerability in F5 products
F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.1 virtual servers with HTTP/2 profiles enabled are vulnerable to "HPACK Bomb".
network
low complexity
f5 CWE-400
7.5
2018-07-25 CVE-2018-6971 Information Exposure Through Log Files vulnerability in VMware Horizon View Agents
VMware Horizon View Agents (7.x.x before 7.5.1) contain a local information disclosure vulnerability due to insecure logging of credentials in the vmmsi.log file when an account other than the currently logged on user is specified during installation (including silent installations).
local
low complexity
vmware CWE-532
7.8