Skip to main content
CVE-2018-8002 HIGH POC This Week

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Podofo
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
8.5%
CVE-2018-8000 HIGH POC This Week

In PoDoFo 0.9.5, there exists a heap-based buffer overflow vulnerability in PoDoFo::PdfTokenizer::GetNextToken() in PdfTokenizer.cpp, a related issue to CVE-2017-5886. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Podofo
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-7999 HIGH POC PATCH This Week

In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference vulnerability was found in Segment.cpp during a dumbRendering operation, which may allow attackers to cause a denial of service or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Graphite2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-7581 HIGH POC This Week

\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Weblog Expert
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-7582 HIGH POC THREAT This Week

WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of Service (daemon crash) via a long HTTP Accept Header to TCP port 9991. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Weblog Expert
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
37.6%
CVE-2018-7998 HIGH POC PATCH This Week

In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Denial Of Service Libvips Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-7230 HIGH PATCH This Week

A XML external entity (XXE) vulnerability exists in the import.cgi of the web interface component of the Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric XXE Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-0523 HIGH This Week

Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wxr 1900Dhp2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-0521 HIGH This Week

Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wxr 1900Dhp2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-7236 HIGH PATCH This Week

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could enable SSH service due to lack of authentication for /login/bin/set_param. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Schneider Electric Authentication Bypass Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2018-7239 HIGH This Week

A DLL hijacking vulnerability exists in Schneider Electric's SoMove Software and associated DTM software components in all versions prior to 2.6.2 which could allow an attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Atv Lift Dtm Atv12 Dtm Atv212 Dtm +10
NVD
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-8001 HIGH This Week

In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Podofo
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-0544 HIGH This Week

Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Winshot
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-0543 HIGH This Week

Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jtrim
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-0522 HIGH This Week

Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Wxr 1900Dhp2 Firmware
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-7235 HIGH PATCH This Week

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-7234 HIGH PATCH This Week

A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of SSL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Information Disclosure Mps110 1 Firmware Imps110 1Er Firmware Ibps110 1Er Firmware +17
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2018-0524 HIGH PATCH This Week

Jubatus 1.0.2 and earlier allows remote code execution via unspecified vectors. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jubatus
NVD GitHub
CVSS 3.0
7.3
EPSS
2.1%
CVE-2018-1069 HIGH This Week

Red Hat OpenShift Enterprise version 3.7 is vulnerable to access control override for container network filesystems. Rated high severity (CVSS 7.1). No vendor patch available.

Red Hat Authentication Bypass Openshift
NVD
CVSS 3.0
7.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy