Skip to main content
CVE-2018-1000049 HIGH POC THREAT Act Now

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Claymore Dual Miner
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
77.3%
CVE-2018-1000019 HIGH POC PATCH This Week

OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in fax_dispatch.php that can result in OS command injection by an authenticated attacker with any role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Command Injection Openemr
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-6827 HIGH POC This Week

VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Vobot Firmware
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-1000051 HIGH POC PATCH This Week

Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Denial Of Service Mupdf +1
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-1000052 HIGH POC PATCH This Week

fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Fmt
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-6826 HIGH POC This Week

An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Vobot Firmware
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-1000058 HIGH PATCH This Week

Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Deserialization RCE Pipeline Supporting Apis
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-1000053 HIGH PATCH This Week

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Limesurvey
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-1000050 HIGH PATCH This Week

Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer Overflow vulnerability in All vorbis decoding paths. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Buffer Overflow Stb Vorbis
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-1000048 HIGH This Week

NASA RtRetrievalFramework version v1.0 contains a CWE-502 vulnerability in Data retrieval functionality of RtRetrieval framework that can result in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Rtretrievalframework
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-1000047 HIGH This Week

NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Kodiak
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-1000041 HIGH This Week

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Librsvg Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-3607 HIGH PATCH This Week

XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
14.7%
CVE-2018-3606 HIGH PATCH This Week

XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
49.4%
CVE-2018-3605 HIGH PATCH This Week

TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
20.2%
CVE-2018-3604 HIGH PATCH This Week

GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
68.6%
CVE-2018-3603 HIGH PATCH This Week

A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
8.3%
CVE-2018-3602 HIGH PATCH This Week

An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Trend Micro RCE Control Manager
NVD
CVSS 3.0
8.8
EPSS
8.3%
CVE-2018-1000056 HIGH PATCH This Week

Jenkins JUnit Plugin 1.23 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Junit
NVD
CVSS 3.0
8.3
EPSS
1.1%
CVE-2018-1000055 HIGH PATCH This Week

Jenkins Android Lint Plugin 2.5 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Jenkins XXE SSRF Android Lint
NVD
CVSS 3.0
8.3
EPSS
0.9%
CVE-2018-1000054 HIGH PATCH This Week

Jenkins CCM Plugin 3.1 and earlier processes XML external entities in files it parses as part of the build process, allowing attackers with user permissions in Jenkins to extract secrets from the. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Ccm
NVD
CVSS 3.0
8.3
EPSS
0.9%
CVE-2018-1000025 HIGH PATCH This Week

Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure PHP Firebase Admin Sdk For Php
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-1307 HIGH PATCH This Week

In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java classes, which parse a local or remote XML document and then mediates the data structures into UDDI data structures, there are. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Apache Juddi
NVD
CVSS 3.0
8.1
EPSS
1.7%
CVE-2018-6508 HIGH This Week

Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 3.0
8.0
EPSS
1.9%
CVE-2018-1000046 HIGH PATCH This Week

NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in Radar data parsing library that can result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Pyblock
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-1000045 HIGH PATCH This Week

NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA Singledop library (Weather data) that can result in remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Singledop
NVD GitHub
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-1000035 HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Unzip
NVD
CVSS 3.0
7.8
EPSS
30.5%
CVE-2018-1000032 HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Unzip
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-1000031 HIGH This Week

A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 that allows an attacker to perform a denial of service or to possibly achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Unzip
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-1000026 HIGH This Week

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Enterprise Linux +4
NVD
CVSS 3.1
7.7
EPSS
3.9%
CVE-2018-1000027 HIGH PATCH This Week

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Squid Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
13.1%
CVE-2018-1000024 HIGH PATCH This Week

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
8.1%
CVE-2018-1000028 HIGH PATCH This Week

Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Linux Linux Kernel
NVD
CVSS 3.0
7.4
EPSS
1.4%
CVE-2018-1053 HIGH PATCH This Week

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of. Rated high severity (CVSS 7.0).

Information Disclosure PostgreSQL Debian Linux Ubuntu Linux Cloudforms
NVD
CVSS 3.0
7.0
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy