Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-04 | CVE-2018-8872 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Triconex Tricon MP 3008 Firmware 10.0/10.4 In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. | 8.1 |
| 2018-05-04 | CVE-2018-8861 | Unspecified vulnerability in Philips products Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system. | 8.7 |
| 2018-05-04 | CVE-2018-8857 | Use of Hard-coded Credentials vulnerability in Philips products Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.8 |
| 2018-05-04 | CVE-2018-8853 | Improper Privilege Management vulnerability in Philips products Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. | 8.8 |
| 2018-05-04 | CVE-2018-10641 | Improper Authentication vulnerability in Dlink Dir-601 Firmware 1.02Na D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. | 8.1 |
| 2018-05-04 | CVE-2018-10722 | Link Following vulnerability in Cylance Cylanceprotect In Cylance CylancePROTECT before 1470, an unprivileged local user can obtain SYSTEM privileges because users have Modify access to the %PROGRAMFILES%\Cylance\Desktop\log folder, the CyUpdate process grants users Modify access to new files created in this folder, and a new file can be a symlink chain to a pathname of an arbitrary DLL that CyUpdate uses. | 7.8 |
| 2018-05-03 | CVE-2018-10168 | Improper Privilege Management vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administrator. | 8.8 |
| 2018-05-03 | CVE-2018-10167 | Use of Hard-coded Credentials vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key and the algorithm can decrypt it. | 7.5 |
| 2018-05-03 | CVE-2018-10166 | Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0 The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. | 8.8 |
| 2018-05-03 | CVE-2018-10717 | Out-of-bounds Write vulnerability in Miniupnp Project Ngiflib 0.4 The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677. | 8.8 |