Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-04-30 CVE-2018-10576 Improper Authentication vulnerability in Watchguard Ap100 Firmware, Ap102 Firmware and Ap200 Firmware
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15.
local
low complexity
watchguard CWE-287
7.8
2018-04-30 CVE-2018-1102 Unspecified vulnerability in Redhat Openshift
A flaw was found in source-to-image function as shipped with Openshift Enterprise 3.x.
network
low complexity
redhat
8.8
2018-04-30 CVE-2018-5234 Unspecified vulnerability in Symantec Norton Core Firmware
The Norton Core router prior to v237 may be susceptible to a command injection exploit.
low complexity
symantec
8.0
2018-04-30 CVE-2018-9310 Unspecified vulnerability in Magnicomp Sysinfo 10H76/10H80/10H81
An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default).
local
low complexity
magnicomp
7.8
2018-04-30 CVE-2018-10573 Unspecified vulnerability in Open-Emr Openemr
interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
network
low complexity
open-emr
8.8
2018-04-30 CVE-2018-8839 Out-of-bounds Write vulnerability in Deltaww Pmsoft 2.04/2.08/2.10
Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer.
local
low complexity
deltaww CWE-787
7.8
2018-04-30 CVE-2018-7891 Deserialization of Untrusted Data vulnerability in multiple products
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
network
high complexity
milestonesys siemens CWE-502
8.1
2018-04-30 CVE-2017-2591 Out-of-bounds Read vulnerability in multiple products
389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server.
network
low complexity
fedoraproject redhat CWE-125
7.5
2018-04-30 CVE-2018-10550 Improper Privilege Management vulnerability in Octopus Deploy
In Octopus Deploy before 2018.4.7, target and tenant tag variable scopes were not checked against the list of tenants the user has access to.
network
low complexity
octopus CWE-269
7.5
2018-04-29 CVE-2018-10549 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5.
network
low complexity
php canonical debian netapp CWE-125
8.8