Skip to main content
CVE-2018-7890 CRITICAL POC THREAT Emergency

A remote code execution issue was discovered in Zoho ManageEngine Applications Manager before 13.6 (build 13640). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho RCE Command Injection Manageengine Applications Manager
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
79.2%
CVE-2018-7871 HIGH POC This Week

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-7889 HIGH POC PATCH This Week

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Python Calibre
NVD GitHub
CVSS 3.0
7.8
EPSS
4.7%
CVE-2018-7869 HIGH POC This Week

There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-7877 MEDIUM POC This Month

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-7876 MEDIUM POC This Month

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-7875 MEDIUM POC This Month

There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-7874 MEDIUM POC This Month

An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-7873 MEDIUM POC This Month

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-7872 MEDIUM POC This Month

An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-7870 MEDIUM POC This Month

An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-7868 MEDIUM POC This Month

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-7867 MEDIUM POC This Month

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-7866 MEDIUM POC This Month

A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-7183 CRITICAL Act Now

Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Ntp Freebsd +2
NVD
CVSS 3.0
9.8
EPSS
10.8%
CVE-2018-1216 CRITICAL Act Now

A hard-coded password vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Solutions Enabler Virtual Appliance Emc Unisphere For Vmax Virtual Appliance Emc Vasa Virtual Appliance +1
NVD
CVSS 3.0
9.8
EPSS
22.1%
CVE-2018-0147 CRITICAL KEV THREAT Act Now

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Cisco Secure Access Control System
NVD
CVSS 3.1
9.8
EPSS
18.6%
CVE-2018-7755 MEDIUM POC This Month

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-1442 HIGH This Week

IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Monitoring
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-1215 HIGH This Week

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Dell Emc Solutions Enabler Virtual Appliance Emc Unisphere For Vmax Virtual Appliance Emc Vasa Virtual Appliance +1
NVD
CVSS 3.0
8.8
EPSS
4.4%
CVE-2018-0213 HIGH This Week

A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Identity Services Engine
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-0210 HIGH This Week

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Data Center Network Manager
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-0141 HIGH This Week

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Prime Collaboration Prime Collaboration Assurance Prime Collaboration Provisioning
NVD
CVSS 3.0
8.4
EPSS
0.4%
CVE-2018-5313 HIGH This Week

A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Rapid Scada
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-1182 HIGH This Week

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rsa Identity Governance And Lifecycle Rsa Identity Management And Governance Rsa Via Lifecycle And Governance
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-0209 HIGH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Small Business 500 Series Stackable Managed Switches Firmware
NVD
CVSS 3.1
7.7
EPSS
1.6%
CVE-2018-4840 HIGH PATCH This Week

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Siprotec Compact 7Sj80 Firmware Siprotec Compact 7Sk80 Firmware Siprotec 4 7Sj66 Firmware Digsi 4 +5
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-4838 HIGH PATCH This Week

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass En100 Ethernet Module Iec 104 Firmware En100 Ethernet Module Dnp3 Firmware En100 Ethernet Module Modbus Tcp Firmware En100 Ethernet Module Profinet Io Firmware +1
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-0224 MEDIUM This Month

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to execute arbitrary commands with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Staros
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2018-0221 MEDIUM This Month

A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Identity Services Engine
NVD
CVSS 3.0
6.7
EPSS
0.8%
CVE-2018-0217 MEDIUM This Month

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series Aggregation Services Routers could allow an authenticated, local attacker to perform a command injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Asr 5000 Firmware Asr 5700 Firmware Asr 5500 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2018-0215 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Identity Services Engine
NVD
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-1220 MEDIUM This Month

EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Rsa Archer
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0223 MEDIUM This Month

A vulnerability in DesktopServlet in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Security Manager
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0219 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Computing System (UCS) Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Computing System Director
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0212 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0144 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Data Center Network Manager
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-1443 MEDIUM This Month

An XML parsing vulnerability affects IBM SAML-based single sign-on (SSO) systems (IBM Security Access Manager 9.0.0 - 9.0.4 and IBM Tivoli Federated Identity Manager 6.2 - 6.0.2.) This vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Access Manager Tivoli Federated Identity Manager
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2018-0087 MEDIUM This Month

A vulnerability in the FTP server of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to log in to the FTP server of the device without a valid password. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Cisco Asyncos
NVD
CVSS 3.0
5.6
EPSS
1.9%
CVE-2018-7757 MEDIUM PATCH This Month

Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-0220 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Videoscape AnyRes Live could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Videoscape Anyres Live
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-0216 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Identity Services Engine
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-0208 MEDIUM This Month

A vulnerability in the web-based management interface of the (cloud based) Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Email Encryption
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-4839 MEDIUM PATCH This Month

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Siprotec Compact 7Sj80 Firmware Siprotec Compact 7Sk80 Firmware Siprotec 4 7Sj66 Firmware Digsi 4 +5
NVD
CVSS 3.0
5.3
EPSS
0.6%
CVE-2018-1387 MEDIUM PATCH This Month

IBM Application Performance Management for Monitoring & Diagnostics (IBM Monitoring 8.1.3 and 8.1.4) may release sensitive personal data to the staff who can access to the database of this product. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Application Performance Management Cloud Apm Data Collector Monitoring
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-0214 MEDIUM This Month

A vulnerability in certain CLI commands of Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with the. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Identity Services Engine
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2018-0211 MEDIUM This Month

A vulnerability in specific CLI commands for the Cisco Identity Services Engine could allow an authenticated, local attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Identity Services Engine
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2018-1219 MEDIUM This Month

EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access control vulnerability on an API which is used to enumerate user information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rsa Archer
NVD
CVSS 3.0
4.3
EPSS
1.8%
CVE-2018-0218 LOW Monitor

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Secure Access Control Server Solution Engine
NVD
CVSS 3.1
3.3
EPSS
1.5%
CVE-2018-0207 LOW Monitor

A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Secure Access Control Server Solution Engine
NVD
CVSS 3.1
3.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy