Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-05-03 CVE-2018-10166 Cross-Site Request Forgery (CSRF) vulnerability in Tp-Link EAP Controller 2.5.4/2.6.0
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms.
network
low complexity
tp-link CWE-352
8.8
2018-05-03 CVE-2018-10717 Out-of-bounds Write vulnerability in Miniupnp Project Ngiflib 0.4
The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not consider the bounds of the pixels data structure, which allows remote attackers to cause a denial of service (WritePixels heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted GIF file, a different vulnerability than CVE-2018-10677.
network
low complexity
miniupnp-project CWE-787
8.8
2018-05-03 CVE-2018-10713 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in D-Link Dsl-3782 Firmware 1.01
An issue was discovered on D-Link DSL-3782 EU 1.01 devices.
network
low complexity
d-link CWE-119
8.8
2018-05-03 CVE-2018-4849 Improper Certificate Validation vulnerability in Siemens Siveillance VMS Video
A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)).
network
high complexity
siemens CWE-295
7.4
2018-05-03 CVE-2018-10666 Unspecified vulnerability in Auroradao Idex Membership
The Owned smart contract implementation for Aurora IDEX Membership (IDXM), an Ethereum ERC20 token, allows attackers to acquire contract ownership because the setOwner function is declared as public.
network
low complexity
auroradao
7.5
2018-05-02 CVE-2018-0287 Improper Input Validation vulnerability in Cisco Webex Meetings Online T30/T32.7
A vulnerability in the Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system.
network
low complexity
cisco CWE-20
8.8
2018-05-02 CVE-2018-0262 Unspecified vulnerability in Cisco Meeting Server
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution.
network
high complexity
cisco
8.1
2018-05-02 CVE-2018-0252 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Wireless LAN Controller Software
A vulnerability in the IP Version 4 (IPv4) fragment reassembly function of Cisco 3500, 5500, and 8500 Series Wireless LAN Controller Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-119
8.6
2018-05-02 CVE-2018-0235 Unspecified vulnerability in Cisco Wireless LAN Controller Software 8.6(1.106)/8.6(1.114)
A vulnerability in the 802.11 frame validation functionality of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.
low complexity
cisco
7.4
2018-05-02 CVE-2018-0234 Improper Input Validation vulnerability in Cisco Aironet Access Point Software 8.4(100.0)/8.5(103.0)/8.5(105.0)
A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
8.6