|
245641
|
7.8 |
HIGH
Local
|
asus
|
aura_sync_firmware
|
The GLCKIo and Asusgio low-level drivers in ASUS Aura Sync v1.07.22 and earlier expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run…
|
NVD-CWE-noinfo
|
CVE-2018-18536
|
2024-11-21 12:56 |
2018-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245642
|
7.8 |
HIGH
Local
|
asus
|
aura_sync_firmware
|
The Asusgio low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes functionality to read and write Machine Specific Registers (MSRs). This could be leveraged to execute arbitrary ring-0 code.
|
NVD-CWE-noinfo
|
CVE-2018-18535
|
2024-11-21 12:56 |
2018-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245643
|
5.9 |
MEDIUM
Network
|
epson
|
epson_workforce_wf-2861_firmware
|
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. They use SNMP to find certain devices on the network, but the default version is v2c, allowing …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-18960
|
2024-11-21 12:56 |
2018-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245644
|
7.5 |
HIGH
Network
|
epson
|
epson_workforce_wf-2861_firmware
|
An issue was discovered on Epson WorkForce WF-2861 10.48 LQ22I3, 10.51.LQ20I6 and 10.52.LQ17IA devices. On the 'Air Print Setting' web page, if the data for 'Bonjour Service Location' at /PRESENTATIO…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-18959
|
2024-11-21 12:56 |
2018-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245645
|
9.8 |
CRITICAL
Network
|
mi
|
xiaomi_mi-a1_firmware
|
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a ho…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-18698
|
2024-11-21 12:56 |
2018-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245646
|
7.0 |
HIGH
Local
|
dlink
d-link
|
mydlink_baby_camera_monitor
dcs-825l_firmware
|
An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Whenever actions are performed from the app (e.g., change camera settings or play lullabies), it communicates directly with the W…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2018-18767
|
2024-11-21 12:56 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245647
|
7.8 |
HIGH
Local
|
keybase
|
keybase
|
An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. An untrusted search path vulnerability in the keybase-redirector application allows a local, unprivil…
|
CWE-426
Untrusted Search Path
|
CVE-2018-18629
|
2024-11-21 12:56 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245648
|
9.8 |
CRITICAL
Network
|
gigasetpro
|
maxwell_basic_firmware
|
Missing password verification in the web interface on Gigaset Maxwell Basic VoIP phones with firmware 2.22.7 would allow a remote attacker (in the same network as the device) to change the admin pass…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2018-18871
|
2024-11-21 12:56 |
2018-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245649
|
6.5 |
MEDIUM
Network
|
phpservermonitor
|
php_server_monitor
|
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.
|
CWE-352
Origin Validation Error
|
CVE-2018-18921
|
2024-11-21 12:56 |
2018-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245650
|
9.9 |
CRITICAL
Network
|
vyos
|
vyos
|
A privilege escalation issue was discovered in VyOS 1.1.8. The default configuration also allows operator users to execute the pppd binary with elevated (sudo) permissions. Certain input parameters a…
|
NVD-CWE-noinfo
|
CVE-2018-18556
|
2024-11-21 12:56 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
