Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-06 | CVE-2017-16654 | Path Traversal vulnerability in multiple products An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. | 7.5 |
| 2018-08-06 | CVE-2017-16252 | Out-of-bounds Write vulnerability in Insteon HUB Firmware 1012 Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. | 8.1 |
| 2018-08-06 | CVE-2018-7092 | Path Traversal vulnerability in HP Intelligent Management Center 7.3 A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. | 7.5 |
| 2018-08-06 | CVE-2018-7078 | Unspecified vulnerability in HP products A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. | 7.2 |
| 2018-08-06 | CVE-2018-7069 | Improper Authentication vulnerability in HP Centralview Fraud Risk Management HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. | 7.5 |
| 2018-08-06 | CVE-2018-7060 | Cross-Site Request Forgery (CSRF) vulnerability in Arubanetworks Clearpass Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. | 8.8 |
| 2018-08-06 | CVE-2018-7059 | Improper Input Validation vulnerability in HP Aruba Clearpass Policy Manager Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. | 8.8 |
| 2018-08-06 | CVE-2018-5390 | Resource Exhaustion vulnerability in multiple products Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. | 7.5 |
| 2018-08-06 | CVE-2018-14716 | Code Injection vulnerability in Nystudio107 Seomatic A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code. | 7.5 |
| 2018-08-06 | CVE-2018-13877 | Improper Input Validation vulnerability in Megacryptopolis The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. | 7.5 |