Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-05 CVE-2018-10601 Out-of-bounds Write vulnerability in Philips products
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.
high complexity
philips CWE-787
8.2
2018-06-05 CVE-2018-10597 Out-of-bounds Write vulnerability in Philips products
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.
high complexity
philips CWE-787
8.3
2018-06-05 CVE-2018-1000189 Unspecified vulnerability in Jenkins Absint Astree
A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins master.
network
low complexity
jenkins
8.8
2018-06-05 CVE-2017-7654 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker.
network
low complexity
eclipse debian CWE-772
7.5
2018-06-05 CVE-2018-7943 Improper Authentication vulnerability in Huawei products
There is an authentication bypass vulnerability in some Huawei servers.
network
low complexity
huawei CWE-287
8.8
2018-06-05 CVE-2018-10966 Use of Hard-coded Credentials vulnerability in Gamerpolls 0.4.6
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js.
network
low complexity
gamerpolls CWE-798
7.3
2018-06-05 CVE-2018-10813 Use of Hard-coded Credentials vulnerability in Aprendecondedos Dedos-Web 1.0
In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub.
network
low complexity
aprendecondedos CWE-798
7.3
2018-06-05 CVE-2017-1350 Unspecified vulnerability in IBM Infosphere Information Server
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls.
local
low complexity
ibm
7.8
2018-06-05 CVE-2018-6662 OS Command Injection vulnerability in Mcafee Management of Native Encryption
Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input.
local
low complexity
mcafee CWE-78
7.8
2018-06-05 CVE-2018-1000181 Information Exposure vulnerability in IBM Kitura
Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure.
network
low complexity
ibm CWE-200
7.5