Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-03 | CVE-2018-10168 | Improper Privilege Management vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. | 8.8 |
| 2018-05-03 | CVE-2018-10167 | Use of Hard-coded Credentials vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. | 7.5 |
| 2018-05-03 | CVE-2018-10166 | Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. | 8.8 |
| 2018-05-03 | CVE-2018-10717 | Out-of-bounds Write vulnerability in Miniupnp Project Ngiflib 0.4 The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677. | 8.8 |
| 2018-05-03 | CVE-2018-10713 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01 An issue was discovered on D-Link DSL-3782 EU 1.01 devices. | 8.8 |
| 2018-05-03 | CVE-2018-4849 | Improper Certificate Validation vulnerability in Siemens Siveillance VMS Video A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). | 7.4 |
| 2018-05-03 | CVE-2018-10666 | Unspecified vulnerability in Auroradao Idex Membership The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public. | 7.5 |
| 2018-05-02 | CVE-2018-0287 | Improper Input Validation vulnerability in Cisco Webex Meetings Online T30/T32.7 A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. | 8.8 |
| 2018-05-02 | CVE-2018-0262 | Unspecified vulnerability in Cisco Meeting Server A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. | 8.1 |
| 2018-05-02 | CVE-2018-0252 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Wireless LAN Controller Software A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. | 8.6 |