Skip to main content
CVE-2018-6954 HIGH POC This Week

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Systemd Ubuntu Linux Leap
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-6910 HIGH POC THREAT This Week

DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Dedecms
NVD GitHub
CVSS 3.1
7.5
EPSS
19.0%
CVE-2018-6952 HIGH This Week

A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Patch
NVD
CVSS 3.0
7.5
EPSS
8.4%
CVE-2018-6951 HIGH PATCH This Week

An issue was discovered in GNU patch through 2.7.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Patch Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
8.6%
CVE-2018-6293 HIGH This Week

Arbitrary File Read in Saperion Web Client version 7.5.2 83166. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Saperion Web Client
NVD
CVSS 3.0
7.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy