Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-14 | CVE-2017-12128 | Information Exposure vulnerability in Moxa Edr-810 Firmware 4.1 An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. | 7.5 |
| 2018-05-14 | CVE-2017-12126 | Cross-Site Request Forgery (CSRF) vulnerability in Moxa Edr-810 Firmware 4.1 An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. | 8.8 |
| 2018-05-14 | CVE-2017-12125 | OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1 An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. | 8.8 |
| 2018-05-14 | CVE-2017-12123 | Insufficiently Protected Credentials vulnerability in Moxa Edr-810 Firmware 4.1 An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. | 8.8 |
| 2018-05-14 | CVE-2017-12121 | OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1 An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. | 8.8 |
| 2018-05-14 | CVE-2017-12120 | OS Command Injection vulnerability in Moxa Edr-810 Firmware 4.1 An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. | 8.8 |
| 2018-05-14 | CVE-2018-10990 | Insufficient Session Expiration vulnerability in Commscope Arris Tg1682G Firmware 9.1.103J6 On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). | 8.0 |
| 2018-05-14 | CVE-2018-10252 | Session Fixation vulnerability in Actiontec Wcb6200Q Firmware An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a devices. | 8.1 |
| 2018-05-14 | CVE-2017-6021 | Improper Input Validation vulnerability in multiple products In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. | 7.5 |
| 2018-05-14 | CVE-2018-0588 | Path Traversal vulnerability in Ultimatemember User Profile & Membership Directory traversal vulnerability in the AJAX function of Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to read arbitrary files via unspecified vectors. | 7.5 |