Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-11 CVE-2018-6617 Improper Authentication vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B
Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password.
local
low complexity
ehcp CWE-287
7.8
2018-05-11 CVE-2018-6458 Cross-Site Request Forgery (CSRF) vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B
Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
network
low complexity
ehcp CWE-352
8.8
2018-05-11 CVE-2018-6023 Cross-Site Request Forgery (CSRF) vulnerability in Fastweb Fastgate Firmware 0.00.47
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
network
low complexity
fastweb CWE-352
8.8
2018-05-11 CVE-2018-1280 SQL Injection vulnerability in Pivotal Software Greenplum Command Center
Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability.
network
low complexity
pivotal-software CWE-89
7.5
2018-05-11 CVE-2018-1259 XXE vulnerability in multiple products
Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion.
network
low complexity
pivotal-software xmlbeam CWE-611
7.5
2018-05-11 CVE-2018-1258 Incorrect Authorization vulnerability in multiple products
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security.
8.8
2018-05-11 CVE-2017-6015 Injection vulnerability in Rockwellautomation Factorytalk Activation 4.00.02
Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable.
local
low complexity
rockwellautomation CWE-74
7.8
2018-05-10 CVE-2018-10982 An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection.
local
low complexity
xen debian
8.8
2018-05-10 CVE-2018-3649 Uncontrolled Search Path Element vulnerability in Intel products
DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution.
local
low complexity
intel CWE-427
7.8
2018-05-10 CVE-2018-3612 Improper Input Validation vulnerability in Intel products
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
local
low complexity
intel CWE-20
7.8