cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2018-6318,https://securityvulnerability.io/vulnerability/CVE-2018-6318,,"In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of this DLL (not its signature, not its hash, etc.). A person can change this DLL in a local way, or with a remote connection, to a malicious DLL with the same name -- and when the product is used, this malicious DLL will be loaded, aka a DLL Hijacking attack.",Sophos,Sophos Tester,7.8,HIGH,0.0006200000061653554,false,false,false,false,,false,false,2018-02-02T21:00:00.000Z,0
CVE-2018-6319,https://securityvulnerability.io/vulnerability/CVE-2018-6319,,"In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.",Sophos,Sophos Tester,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2018-02-02T21:00:00.000Z,0