|
248821
|
8.8 |
HIGH
Network
|
intenogroup
|
iopsys_firmware
|
p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to read, or append data to, arbitrary files via requests on TCP port 9100.
|
NVD-CWE-noinfo
|
CVE-2018-10123
|
2024-11-21 12:40 |
2018-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248822
|
7.5 |
HIGH
Network
|
haproxy
redhat
|
haproxy
enterprise_linux
|
An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame length was checked against the max_frame_size setting instead of being checked against the bufsize. The max_frame_size only appl…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10184
|
2024-11-21 12:40 |
2018-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248823
|
8.8 |
HIGH
Network
|
tp-link
|
eap_controller
|
TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows do not control privileges for usage of the Web API, allowing a low-privilege user to make any request as an Administra…
|
CWE-269
Improper Privilege Management
|
CVE-2018-10168
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248824
|
7.5 |
HIGH
Network
|
tp-link
|
eap_controller
|
The web application backup file in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows is encrypted with a hard-coded cryptographic key, so anyone who knows that key …
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-10167
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248825
|
8.8 |
HIGH
Network
|
tp-link
|
eap_controller
|
The web management interface in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows does not have Anti-CSRF tokens in any forms. This would allow an attacker to submi…
|
CWE-352
Origin Validation Error
|
CVE-2018-10166
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248826
|
5.4 |
MEDIUM
Network
|
tp-link
|
eap_controller
|
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10165
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248827
|
5.4 |
MEDIUM
Network
|
tp-link
|
eap_controller
|
Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP Controller and Omada Controller versions 2.5.4_Windows/2.6.0_Windows allows authenticated attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10164
|
2024-11-21 12:40 |
2018-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248828
|
7.8 |
HIGH
Local
|
7-zip
|
7-zip
|
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) …
|
CWE-665
CWE-908
Improper Initialization
Use of Uninitialized Resource
|
CVE-2018-10115
|
2024-11-21 12:40 |
2018-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248829
|
6.5 |
MEDIUM
Network
|
libtiff
|
libtiff
|
ijg-libjpeg before 9d, as used in tiff2pdf (from LibTIFF) and other products, does not check for a NULL pointer at a certain place in jpeg_fdct_16x16 in jfdctint.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-10126
|
2024-11-21 12:40 |
2018-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248830
|
6.5 |
MEDIUM
Network
|
digitalguardian
|
management_console
|
Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue.
|
CWE-22
Path Traversal
|
CVE-2018-10176
|
2024-11-21 12:40 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
