Skip to main content
CVE-2018-7544 CRITICAL POC Act Now

A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openvpn
NVD
CVSS 3.0
9.1
EPSS
1.9%
CVE-2018-1078 CRITICAL Act Now

OpenDayLight version Carbon SR3 and earlier contain a vulnerability during node reconciliation that can result in traffic flows that should be expired or should expire shortly being re-installed and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openflow
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-8739 CRITICAL Act Now

VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Vpn Unlimited
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-1000134 CRITICAL PATCH Act Now

UnboundID LDAP SDK version from commit 801111d8b5c732266a5dbd4b3bb0b6c7b94d7afb up to commit 8471904a02438c03965d21367890276bc25fa5a6, where the issue was reported and fixed contains an Incorrect. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Ldapsdk
NVD GitHub
CVSS 3.0
9.8
EPSS
4.9%
CVE-2018-3560 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Double Free vulnerability exists in Audio Driver while opening a sound compression. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-1000133 HIGH PATCH This Week

Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Privilege Escalation Trident
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-3561 HIGH This Week

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Denial Of Service Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-1068 MEDIUM PATCH This Month

A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux Buffer Overflow Linux Kernel Ubuntu Linux Debian Linux +7
NVD GitHub
CVSS 3.1
6.7
EPSS
0.5%
CVE-2018-1200 MEDIUM This Month

Apps Manager for PCF (Pivotal Application Service 1.11.x before 1.11.26, 1.12.x before 1.12.14, and 2.0.x before 2.0.5) allows unprivileged remote file read in its container via specially-crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pivotal Application Service
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-1324 MEDIUM PATCH This Month

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Apache Commons Compress Mysql Cluster Weblogic Server
NVD
CVSS 3.1
5.5
EPSS
3.7%
CVE-2018-1199 MEDIUM PATCH This Month

Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Framework Spring Security Fuse +2
NVD
CVSS 3.1
5.3
EPSS
2.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy