Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In May 2018
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-05-22
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
CVSS Score
5.5
EPSS Score
0.467
Published
2018-05-22
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
CVSS Score
5.6
EPSS Score
0.012
Published
2018-05-22
The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital assets (including Ether balance and tokens) might be manipulated by the attackers, as exploited in the wild in May 2018.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-05-22
jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.
CVSS Score
7.5
EPSS Score
0.002
Published
2018-05-22
sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-05-22
sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-05-22
An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment.
CVSS Score
6.1
EPSS Score
0.056
Published
2018-05-22
An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker controlled code on the file system that is then executed.
CVSS Score
7.2
EPSS Score
0.008
Published
2018-05-22
Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.
CVSS Score
7.2
EPSS Score
0.005
Published
2018-05-22


Contact Us

Shodan ® - All rights reserved