Skip to main content
CVE-2018-7871 HIGH POC This Week

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libming Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-7889 HIGH POC PATCH This Week

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Deserialization Python Calibre
NVD GitHub
CVSS 3.0
7.8
EPSS
4.7%
CVE-2018-7869 HIGH POC This Week

There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-1442 HIGH This Week

IBM Application Performance Management - Response Time Monitoring Agent (IBM Monitoring 8.1.4) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Monitoring
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-1215 HIGH This Week

An arbitrary file upload vulnerability was discovered in vApp Manager which is embedded in Dell EMC Unisphere for VMAX, Dell EMC Solutions Enabler, Dell EMC VASA Virtual Appliances, and Dell EMC VMAX. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Dell Emc Solutions Enabler Virtual Appliance Emc Unisphere For Vmax Virtual Appliance Emc Vasa Virtual Appliance +1
NVD
CVSS 3.0
8.8
EPSS
4.4%
CVE-2018-0213 HIGH This Week

A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Identity Services Engine
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-0210 HIGH This Week

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Data Center Network Manager
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-0141 HIGH This Week

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Prime Collaboration Prime Collaboration Assurance Prime Collaboration Provisioning
NVD
CVSS 3.0
8.4
EPSS
0.4%
CVE-2018-5313 HIGH This Week

A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Rapid Scada
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-1182 HIGH This Week

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rsa Identity Governance And Lifecycle Rsa Identity Management And Governance Rsa Via Lifecycle And Governance
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-0209 HIGH This Week

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem communication channel through the Cisco 550X Series Stackable Managed Switches could allow an authenticated, remote attacker. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Small Business 500 Series Stackable Managed Switches Firmware
NVD
CVSS 3.1
7.7
EPSS
1.6%
CVE-2018-4840 HIGH PATCH This Week

A vulnerability has been identified in DIGSI 4 (All versions < V4.92), EN100 Ethernet module DNP3 variant (All versions < V1.05.00), EN100 Ethernet module IEC 104 variant (All versions), EN100. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Siprotec Compact 7Sj80 Firmware Siprotec Compact 7Sk80 Firmware Siprotec 4 7Sj66 Firmware Digsi 4 +5
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-4838 HIGH PATCH This Week

A vulnerability has been identified in EN100 Ethernet module IEC 61850 variant (All versions < V4.30), EN100 Ethernet module DNP3 variant (All versions < V1.04), EN100 Ethernet module PROFINET IO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass En100 Ethernet Module Iec 104 Firmware En100 Ethernet Module Dnp3 Firmware En100 Ethernet Module Modbus Tcp Firmware En100 Ethernet Module Profinet Io Firmware +1
NVD
CVSS 3.0
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy