Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-05 | CVE-2018-10601 | Out-of-bounds Write vulnerability in Philips products IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow. | 8.2 |
| 2018-06-05 | CVE-2018-10597 | Out-of-bounds Write vulnerability in Philips products IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet. | 8.3 |
| 2018-06-05 | CVE-2018-1000189 | Unspecified vulnerability in Jenkins Absint Astree A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master. | 8.8 |
| 2018-06-05 | CVE-2017-7654 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. | 7.5 |
| 2018-06-05 | CVE-2018-7943 | Improper Authentication vulnerability in Huawei products There is an authentication bypass vulnerability in some Huawei servers. | 8.8 |
| 2018-06-05 | CVE-2018-10966 | Use of Hard-coded Credentials vulnerability in Gamerpolls 0.4.6 An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. | 7.3 |
| 2018-06-05 | CVE-2018-10813 | Use of Hard-coded Credentials vulnerability in Aprendecondedos Dedos-Web 1.0 In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. | 7.3 |
| 2018-06-05 | CVE-2017-1350 | Unspecified vulnerability in IBM Infosphere Information Server IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. | 7.8 |
| 2018-06-05 | CVE-2018-6662 | OS Command Injection vulnerability in Mcafee Management of Native Encryption Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. | 7.8 |
| 2018-06-05 | CVE-2018-1000181 | Information Exposure vulnerability in IBM Kitura Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure. | 7.5 |