Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-11 | CVE-2018-6617 | Improper Authentication vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password. | 7.8 |
2018-05-11 | CVE-2018-6458 | Cross-Site Request Forgery (CSRF) vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection. | 8.8 |
2018-05-11 | CVE-2018-6023 | Cross-Site Request Forgery (CSRF) vulnerability in Fastweb Fastgate Firmware 0.00.47 Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. | 8.8 |
2018-05-11 | CVE-2018-1280 | SQL Injection vulnerability in Pivotal Software Greenplum Command Center Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains a blind SQL injection vulnerability. | 7.5 |
2018-05-11 | CVE-2018-1259 | XXE vulnerability in multiple products Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. | 7.5 |
2018-05-11 | CVE-2018-1258 | Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. | 8.8 |
2018-05-11 | CVE-2017-6015 | Injection vulnerability in Rockwellautomation Factorytalk Activation 4.00.02 Without quotation marks, any whitespace in the file path for Rockwell Automation FactoryTalk Activation version 4.00.02 remains ambiguous, which may allow an attacker to link to or run a malicious executable. | 7.8 |
2018-05-10 | CVE-2018-10982 | An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain hypervisor privileges by setting up an HPET timer to deliver interrupts in IO-APIC mode, aka vHPET interrupt injection. | 8.8 |
2018-05-10 | CVE-2018-3649 | Uncontrolled Search Path Element vulnerability in Intel products DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code execution. | 7.8 |
2018-05-10 | CVE-2018-3612 | Improper Input Validation vulnerability in Intel products Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM). | 7.8 |