Skip to main content
CVE-2018-6574 HIGH POC PATCH This Week

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Go Debian Linux Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
7.8
EPSS
7.8%
CVE-2018-6829 HIGH POC This Week

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libgcrypt
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-6799 HIGH PATCH This Week

The AcquireCacheNexus function in magick/pixel_cache.c in GraphicsMagick before 1.3.28 allows remote attackers to cause a denial of service (heap overwrite) or possibly have unspecified other impact. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Graphicsmagick Debian Linux
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-6792 HIGH This Week

Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cvms Hub
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-1366 HIGH PATCH This Week

IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated Value (CSV) Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Code Injection IBM Content Navigator
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-1388 HIGH This Week

GSKit V7 may disclose side channel information via discrepancies between valid and invalid PKCS#1 padding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
7.5
EPSS
2.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy