Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-08 | CVE-2018-4838 | Missing Authentication for Critical Function vulnerability in Siemens products: A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO variant (All versions), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions < V1.22). [network; low complexity; siemens; CWE-306] | 7.5 |
| 2018-03-08 | CVE-2018-1442 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Monitoring 8.1.4: IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. [network; low complexity; ibm; CWE-352] | 8.8 |
| 2018-03-08 | CVE-2018-1215 | Unrestricted Upload of File with Dangerous Type vulnerability in Dell products: An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX Embedded Management (eManagement): Dell EMC Unisphere for VMAX Virtual Appliance versions prior to 8.4.0.18, Dell EMC Solutions Enabler Virtual Appliance versions prior to 8.4.0.21, Dell EMC VASA Virtual Appliance versions prior to 8.4.0.514, and Dell EMC VMAX Embedded Management (eManagement) versions prior to and including 1.4 (Enginuity Release 5977.1125.1125 and earlier). [network; low complexity; dell; CWE-434] | 8.8 |
| 2018-03-08 | CVE-2018-1182 | Improper Privilege Management vulnerability in multiple products: An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identity Management & Governance (RSA IMG) versions 6.9.0, 6.9.1, all patch levels (hardware appliance and software bundle deployments only). [local; low complexity; emc rsa; CWE-269] | 7.8 |
| 2018-03-08 | CVE-2017-7641 | Cross-Site Request Forgery (CSRF) vulnerability in Qnap Media Streaming Add-On: QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not utilize CSRF protections. [network; low complexity; qnap; CWE-352] | 8.8 |
| 2018-03-08 | CVE-2017-18222 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel: In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings. [local; low complexity; linux; CWE-119] | 7.8 |
| 2018-03-08 | CVE-2018-0213 | Improper Input Validation vulnerability in Cisco Identity Services Engine 2.1(0.904): A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. [network; low complexity; cisco; CWE-20] | 8.8 |
| 2018-03-08 | CVE-2018-0210 | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Data Center Network Manager 10.4(1.128)/10.4(2): A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. [network; low complexity; cisco; CWE-352] | 8.8 |
| 2018-03-08 | CVE-2018-0209 | Unspecified vulnerability in Cisco Small Business 500 Series Stackable Managed Switches Firmware 2.2.5.68/2.3.0.130: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. [network; low complexity; cisco] | 7.7 |
| 2018-03-08 | CVE-2018-0141 | Use of Hard-coded Credentials vulnerability in Cisco products: A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. [local; low complexity; cisco; CWE-798] | 8.4 |