Skip to main content
CVE-2018-7641 HIGH POC This Week

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Cimg
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-7640 HIGH POC This Week

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Cimg
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-7639 HIGH POC This Week

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Cimg
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-7638 HIGH POC This Week

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Cimg
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-7637 HIGH POC This Week

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Cimg
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-1373 CRITICAL PATCH Act Now

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-7648 CRITICAL PATCH Act Now

An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Openjpeg
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2018-1058 HIGH This Week

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Ubuntu Linux Cloudforms
NVD
CVSS 3.1
8.8
EPSS
14.1%
CVE-2018-1170 HIGH This Week

This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Customer Link Bridge Customer Link
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2018-1169 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Amazon Music Player 6.1.5.1213. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Amazon Music
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-7643 HIGH This Week

The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
7.8
EPSS
2.4%
CVE-2018-7433 HIGH This Week

The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Security
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-6490 HIGH This Week

Denial of Service vulnerability in Micro Focus Operations Orchestration Software, version 10.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Operations Orchestration
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-1066 MEDIUM PATCH This Month

The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
3.5%
CVE-2018-7642 MEDIUM This Month

The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-1065 MEDIUM PATCH This Month

The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-1063 MEDIUM This Month

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Enterprise Linux Selinux
NVD
CVSS 3.0
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy