Skip to main content
CVE-2018-5721 HIGH POC This Week

Stack-based buffer overflow in the ej_update_variables function in router/httpd/web.c on ASUS routers (when using software from https://github.com/RMerl/asuswrt-merlin) allows web authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Asuswrt Merlin
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2018-5195 CRITICAL Act Now

Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow vulnerability that leads remote attackers to execute arbitrary commands when performing the hyperlink Attributes in document. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Thinkfree Office Neo
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-5747 MEDIUM POC This Month

In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ucompthread function (stream.c). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Long Range Zip Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.3%
CVE-2018-5764 HIGH This Week

The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rsync Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2018-5258 MEDIUM This Month

The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Neon
NVD GitHub
CVSS 3.0
5.9
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy