Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-20 | CVE-2018-12599 | Out-of-bounds Write vulnerability in multiple products: In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out-of-bounds write via a crafted file. | 8.8 |
2018-06-20 | CVE-2018-10841 | glusterfs is vulnerable to privilege escalation on gluster server nodes. | 8.8 |
2018-06-20 | CVE-2018-6211 | OS Command Injection vulnerability in D-Link Dir-620 Firmware: On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi. | 7.2 |
2018-06-20 | CVE-2018-5237 | Unspecified vulnerability in Symantec Endpoint Protection: Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels. | 8.8 |
2018-06-20 | CVE-2018-6563 | Cross-Site Request Forgery (CSRF) vulnerability in Totemo Encryption Gateway 6.0.0: Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token. | 8.8 |
2018-06-20 | CVE-2018-12558 | Algorithmic Complexity vulnerability in Email::Address Module Project Email::Address: The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to algorithmic complexity on specially prepared input, leading to Denial of Service. | 7.5 |
2018-06-20 | CVE-2018-12594 | Information Exposure vulnerability in Reliablecontrols Mach-Prowebcom Firmware 7.80: Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated by the Master Password field. | 7.5 |
2018-06-20 | CVE-2018-12592 | Information Exposure vulnerability in Polycom Realpresence web Suite: Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). | 7.5 |
2018-06-20 | CVE-2018-12591 | OS Command Injection vulnerability in Ubnt Edgeswitch Firmware: Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. | 7.2 |
2018-06-20 | CVE-2018-12590 | Use of Externally-Controlled Format String vulnerability in UI Edgeswitch Firmware 1.7.3: Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and privilege escalation greater than administrators themselves are allowed. | 7.2 |