An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Daniel Gultsch Conversations 2.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in PHPYun V4.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.