Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-14 CVE-2018-6516 Unspecified vulnerability in Puppet Enterprise Client Tools 16.4.0/17.3.0/18.1.0
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.
local
low complexity
puppet
7.8
2018-06-14 CVE-2018-12423 Unspecified vulnerability in Matrix Synapse
In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force.
network
low complexity
matrix
7.5
2018-06-14 CVE-2018-12420 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Icehrm
IceHrm before 23.0.1.OS has a risky usage of a hashed password in a request.
network
low complexity
icehrm CWE-327
7.5
2018-06-14 CVE-2018-8819 XXE vulnerability in Carrier Automatedlogic Webctrl 6.0/6.1/6.5
An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5.
network
low complexity
carrier CWE-611
7.5
2018-06-14 CVE-2017-12070 Improper Input Validation vulnerability in Opcfoundation Ua-.Net-Legacy 1.02.336.0
Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code.
network
low complexity
opcfoundation CWE-20
8.8
2018-06-14 CVE-2018-12114 Cross-Site Request Forgery (CSRF) vulnerability in Maccms 10.0
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
network
low complexity
maccms CWE-352
8.8
2018-06-14 CVE-2018-4833 Unspecified vulnerability in Siemens products
A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl.
low complexity
siemens
8.8
2018-06-14 CVE-2017-17309 Path Traversal vulnerability in Huawei Hg255S-10 Firmware V100R001C163B025Sp02
Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication.
network
low complexity
huawei CWE-22
7.5
2018-06-14 CVE-2017-17173 Improper Input Validation vulnerability in Huawei Mate 9 PRO Fimware Lonal00B8.0.0.334(C00)/Lonal00B8.0.0.340A(C00)
Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability.
local
low complexity
huawei CWE-20
7.8
2018-06-14 CVE-2017-17172 Improper Handling of Exceptional Conditions vulnerability in Huawei Lyo-L21
Huawei smart phones LYO-L21 with software LYO-L21C479B107, LYO-L21C479B107 have a privilege escalation vulnerability.
local
low complexity
huawei CWE-755
7.3