Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-09-17 CVE-2018-17127 NULL Pointer Dereference vulnerability in Asus Gt-Ac5300 Firmware 3.0.0.4.384.21140/3.0.0.4.384.32738
blocking_request.cgi on ASUS GT-AC5300 devices through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (NULL pointer dereference and device crash) via a request that lacks a timestap parameter.
network
low complexity
asus CWE-476
7.5
7.5
2018-09-17 CVE-2018-17125 Path Traversal vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows arbitrary directory deletion via a dir=..\\ substring to plugins\sys\admin\Plugins.php.
network
low complexity
chshcms CWE-22
7.5
7.5
2018-09-16 CVE-2018-17108 Unspecified vulnerability in SBI Buddy 1.41/1.42
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow attackers to perform Account Takeover attacks by intercepting a security-question response during the initial configuration of the application.
network
low complexity
sbi
8.8
8.8
2018-09-16 CVE-2018-17106 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tinyftp Project Tinyftp 1.1
In Tinyftp Tinyftpd 1.1, a buffer overflow exists in the text variable of the do_mkd function in the ftpproto.c file.
network
low complexity
tinyftp-project CWE-119
7.5
7.5
2018-09-16 CVE-2018-17104 Cross-Site Request Forgery (CSRF) vulnerability in Microweber 1.0.7
An issue was discovered in Microweber 1.0.7.
network
low complexity
microweber CWE-352
8.8
8.8
2018-09-16 CVE-2018-17103 Cross-Site Request Forgery (CSRF) vulnerability in Get-Simple Getsimple CMS 3.3.13
An issue was discovered in GetSimple CMS v3.3.13.
network
low complexity
get-simple CWE-352
8.8
8.8
2018-09-16 CVE-2018-17102 Cross-Site Request Forgery (CSRF) vulnerability in Quickappscms Quickapps CMS
An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2.
network
low complexity
quickappscms CWE-352
8.8
8.8
2018-09-16 CVE-2018-17101 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in LibTIFF 4.0.9.
network
low complexity
debian libtiff canonical CWE-787
8.8
8.8
2018-09-16 CVE-2018-17100 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in LibTIFF 4.0.9.
network
low complexity
debian libtiff canonical CWE-190
8.8
8.8
2018-09-16 CVE-2018-17098 Out-of-bounds Write vulnerability in Surina Soundtouch 2.0.0
The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch.
network
low complexity
surina CWE-787
8.8
8.8