Skip to main content
CVE-2018-7317 HIGH POC This Week

Backup Download exists in the Proclaim 9.1.1 component for Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Proclaim
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
8.1%
CVE-2018-7284 HIGH POC PATCH THREAT This Week

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Asterisk Certified Asterisk Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
58.3%
CVE-2018-1414 HIGH PATCH This Week

IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi IBM Maximo Asset Management Maximo Asset Management Essentials
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-0148 HIGH This Week

A vulnerability in the web-based management interface of Cisco UCS Director Software and Cisco Integrated Management Controller (IMC) Supervisor Software could allow an unauthenticated, remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Ucs Director
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-0139 HIGH This Week

A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Customer Voice Portal
NVD
CVSS 3.1
8.6
EPSS
2.3%
CVE-2018-7298 HIGH This Week

In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic CCU2 2.29.22 devices, software update packages are downloaded via the HTTP protocol, which does not provide any cryptographic. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-1417 HIGH This Week

Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java IBM Information Disclosure Java Sdk
NVD
CVSS 3.0
8.1
EPSS
2.2%
CVE-2018-7299 HIGH This Week

Remote Code Execution in the addon installation process in eQ-3 AG Homematic CCU2 2.29.2 and earlier allows authenticated attackers to create or overwrite arbitrary files or install malicious. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Homematic Central Control Unit Ccu2 Firmware
NVD
CVSS 3.0
8.0
EPSS
1.1%
CVE-2018-7408 HIGH PATCH This Week

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Node.js npm
NVD GitHub
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-0015 HIGH This Week

A malicious user with unrestricted access to the AppFormix application management platform may be able to access a Python debug console and execute system commands with root privilege. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Python Juniper Appformix
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-7285 HIGH PATCH This Week

A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Asterisk
NVD
CVSS 3.0
7.5
EPSS
5.1%
CVE-2018-0204 HIGH This Week

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for individual. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Prime Collaboration Provisioning
NVD
CVSS 3.0
7.5
EPSS
2.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy