Skip to main content
CVE-2018-8073 CRITICAL PATCH Act Now

Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Redis Code Injection RCE Yii
NVD
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-7269 CRITICAL PATCH Act Now

The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Yii
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1230 HIGH This Week

Pivotal Spring Batch Admin, all versions, does not contain cross site request forgery protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java CSRF Spring Batch Admin
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-1345 HIGH This Week

NetIQ iManager, versions prior to 3.1, under some circumstances could be susceptible to an elevation of privilege attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Imanager
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-1344 HIGH This Week

Addresses potential communication downgrade attack in NetIQ iManager versions prior to 3.1. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Imanager
NVD
CVSS 3.0
8.6
EPSS
0.9%
CVE-2018-8074 HIGH PATCH This Week

Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Code Injection RCE Yii
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-3710 HIGH This Week

Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Gitlab RCE Debian Linux
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2018-1346 HIGH This Week

Addresses denial of service attack to eDirectory versions prior to 9.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Edirectory
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1229 MEDIUM This Month

Pivotal Spring Batch Admin, all versions, contains a stored XSS vulnerability in the file upload feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS File Upload Spring Batch Admin
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1347 MEDIUM This Month

The administrative web interface in NetIQ iManager, versions prior to 3.1, are vulnerable to reflected cross site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Imanager
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-7525 MEDIUM This Month

In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cx Supervisor
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-7523 MEDIUM This Month

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cx Supervisor
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-7521 MEDIUM This Month

In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Cx Supervisor
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-7519 MEDIUM This Month

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a heap-based buffer overflow. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Cx Supervisor
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2018-7517 MEDIUM This Month

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause an out of bounds vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Cx Supervisor
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-7515 MEDIUM This Month

In Omron CX-Supervisor Versions 3.30 and prior, access of uninitialized pointer vulnerabilities can be exploited when CX Supervisor indirectly calls an initialized pointer when parsing malformed. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cx Supervisor
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2018-7513 MEDIUM This Month

In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cx Supervisor
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy