Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-06-28 CVE-2018-12934 Allocation of Resources Without Limits or Throttling vulnerability in GNU Binutils 2.30
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM).
network
low complexity
gnu CWE-770
7.5
7.5
2018-06-28 CVE-2018-12931 Out-of-bounds Write vulnerability in multiple products
ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.
local
low complexity
linux canonical CWE-787
7.8
7.8
2018-06-28 CVE-2018-12930 Out-of-bounds Write vulnerability in multiple products
ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.
local
low complexity
linux canonical CWE-787
7.8
7.8
2018-06-28 CVE-2018-12589 Untrusted Search Path vulnerability in Polarisoffice Polaris Office 2017 8.1
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
local
low complexity
polarisoffice CWE-426
7.8
7.8
2018-06-28 CVE-2018-12927 Information Exposure vulnerability in Northernnep Northern Electric & Power Inverter Firmware
Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI.
network
low complexity
northernnep CWE-200
7.5
7.5
2018-06-28 CVE-2018-12926 Information Exposure vulnerability in Pharoscontrols Pharos Firmware
Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI.
network
low complexity
pharoscontrols CWE-200
7.5
7.5
2018-06-28 CVE-2018-12923 Information Exposure vulnerability in Bwssystems HA Bridge
BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI.
network
low complexity
bwssystems CWE-200
7.5
7.5
2018-06-28 CVE-2018-12922 Incorrect Permission Assignment for Critical Resource vulnerability in Vertiv Liebert Intellislot Firmware
Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.
network
low complexity
vertiv CWE-732
7.5
7.5
2018-06-28 CVE-2018-12921 Information Exposure vulnerability in Electroind Gaugetech Nexus Firmware
Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.htm URI.
network
low complexity
electroind CWE-200
7.5
7.5
2018-06-28 CVE-2018-12920 Information Exposure vulnerability in Flir Brickstream 2300 Firmware
Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI.
network
low complexity
flir CWE-200
7.5
7.5