|
247001
|
6.0 |
MEDIUM
Local
|
xen
|
xen
|
An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtua…
|
CWE-863
Incorrect Authorization
|
CVE-2018-15468
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247002
|
7.3 |
HIGH
Network
|
eltex
|
esp-200_firmware
|
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-15360
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247003
|
8.8 |
HIGH
Network
|
eltex
|
esp-200_firmware
|
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
|
NVD-CWE-noinfo
|
CVE-2018-15359
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247004
|
8.8 |
HIGH
Network
|
eltex
|
esp-200_firmware
|
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
|
CWE-20
Improper Input Validation
|
CVE-2018-15358
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247005
|
6.5 |
MEDIUM
Network
|
eltex
|
esp-200_firmware
|
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.
|
CWE-200
Information Exposure
|
CVE-2018-15357
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247006
|
8.8 |
HIGH
Network
|
eltex
|
esp-200_firmware
|
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
|
CWE-77
Command Injection
|
CVE-2018-15356
|
2024-11-21 12:50 |
2018-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247007
|
5.9 |
MEDIUM
Network
|
kraftway
|
24f2xg_router_firmware
|
Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2018-15355
|
2024-11-21 12:50 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247008
|
7.5 |
HIGH
Network
|
kraftway
|
24f2xg_router_firmware
|
A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-15354
|
2024-11-21 12:50 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247009
|
9.8 |
CRITICAL
Network
|
kraftway
|
24f2xg_router_firmware
|
A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-15353
|
2024-11-21 12:50 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247010
|
6.5 |
MEDIUM
Network
|
kraftway
|
24f2xg_router_firmware
|
An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118.
|
NVD-CWE-noinfo
|
CVE-2018-15352
|
2024-11-21 12:50 |
2018-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
