Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-12 CVE-2018-2424 Improper Input Validation vulnerability in SAP products
SAP UI5 did not validate user input before adding it to the DOM structure.
network
low complexity
sap CWE-20
7.5
7.5
2018-06-12 CVE-2011-4182 Improper Input Validation vulnerability in Opensuse Sysconfig
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code.
network
high complexity
opensuse CWE-20
8.1
8.1
2018-06-12 CVE-2018-12249 NULL Pointer Dereference vulnerability in multiple products
An issue was discovered in mruby 1.4.1.
network
low complexity
mruby debian CWE-476
7.5
7.5
2018-06-12 CVE-2018-12248 Out-of-bounds Read vulnerability in Mruby 1.4.1
An issue was discovered in mruby 1.4.1.
network
low complexity
mruby CWE-125
7.5
7.5
2018-06-12 CVE-2018-12247 NULL Pointer Dereference vulnerability in Mruby 1.4.1
An issue was discovered in mruby 1.4.1.
network
low complexity
mruby CWE-476
7.5
7.5
2018-06-12 CVE-2017-3960 Unspecified vulnerability in Mcafee Network Security Manager
Exploitation of Authorization vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows authenticated users to gain elevated privileges via a crafted HTTP request parameter.
network
low complexity
mcafee
8.8
8.8
2018-06-12 CVE-2018-1075 Unspecified vulnerability in Ovirt
ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning.
local
low complexity
ovirt
7.8
7.8
2018-06-12 CVE-2018-1070 Improper Input Validation vulnerability in Redhat Openshift Container Platform
routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down.
network
low complexity
redhat CWE-20
7.5
7.5
2018-06-12 CVE-2018-0732 Key Management Errors vulnerability in multiple products
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client.
network
low complexity
openssl debian canonical nodejs CWE-320
7.5
7.5
2018-06-12 CVE-2018-12233 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file.
local
low complexity
linux canonical CWE-119
7.8
7.8