Skip to main content
CVE-2018-7532 CRITICAL POC Act Now

Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.0
9.8
EPSS
7.9%
CVE-2018-8905 HIGH POC PATCH This Week

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff Debian Linux Ubuntu Linux +3
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2018-5349 HIGH POC This Week

A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Heimdal
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8904 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8896 HIGH POC This Week

In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8895 HIGH POC This Week

In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8894 HIGH POC This Week

In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8909 HIGH POC This Week

The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Path Traversal Wire
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5731 HIGH POC This Week

An issue was discovered in Heimdal PRO 2.2.190. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Heimdal
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-8906 MEDIUM POC This Month

dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dsmall
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-5225 CRITICAL Act Now

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian RCE Bitbucket
NVD
CVSS 3.0
9.9
EPSS
3.6%
CVE-2018-8944 CRITICAL Act Now

PHPOK 4.8.338 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Phpok
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-8943 CRITICAL Act Now

There is a SQL injection in the PHPSHE 1.6 userbank parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Phpshe
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-7520 CRITICAL Act Now

An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2018-0541 CRITICAL Act Now

Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Tinyftp
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-0539 CRITICAL Act Now

QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qqq Systems
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-8945 MEDIUM POC This Month

The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation
NVD
CVSS 3.0
5.5
EPSS
2.1%
CVE-2018-8903 MEDIUM POC This Month

Open-AudIT Professional 2.1 allows XSS via the Name or Description field on the Credentials screen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
1.6%
CVE-2018-7528 CRITICAL Act Now

An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.0
9.1
EPSS
1.6%
CVE-2018-1426 CRITICAL Act Now

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
9.1
EPSS
2.5%
CVE-2018-8936 CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Amd Ryzen Mobile Firmware Ryzen Pro Firmware Epyc Server Firmware +1
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8935 CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8934 CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8933 CRITICAL Act Now

The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Epyc Server Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8932 CRITICAL Act Now

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8931 CRITICAL Act Now

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8930 CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware Ryzen Pro Firmware Epyc Server Firmware +1
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-7524 HIGH This Week

A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-5504 HIGH This Week

In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.0
8.1
EPSS
4.5%
CVE-2018-0552 HIGH This Week

Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Microsoft Information Disclosure Phishwall Client
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-0540 HIGH This Week

Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vix
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-5509 HIGH This Week

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Application Security Manager +4
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-5503 HIGH This Week

On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Policy Enforcement Manager
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5502 HIGH This Week

On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-0542 HIGH This Week

Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webproxy
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-7516 HIGH This Week

A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.0
7.3
EPSS
1.1%
CVE-2018-1448 HIGH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.1
EPSS
0.4%
CVE-2018-7512 MEDIUM This Month

A cross-site scripting vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-0538 MEDIUM This Month

Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qqq Systems
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-0537 MEDIUM This Month

Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz_op.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qqq Systems
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-0536 MEDIUM This Month

Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an attacker to inject arbitrary web script or HTML via quiz.cgi. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qqq Systems
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-0535 MEDIUM This Month

Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Php 2Chbbs
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-0534 MEDIUM This Month

Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arsenol
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-8899 MEDIUM PATCH This Month

IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 does not encode the redirect URI on the authorization response page, which might lead to XSS in some configurations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Identityserver4
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-5505 MEDIUM This Month

On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both provisioned, TMM may restart while processing DNS requests when the virtual server is configured with a DNS profile and the Protocol. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Analytics Big Ip Application Security Manager
NVD
CVSS 3.0
5.9
EPSS
2.1%
CVE-2018-1428 MEDIUM This Month

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1427 MEDIUM This Month

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Buffer Overflow Denial Of Service Db2
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-8942 MEDIUM This Month

Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Xiuno Bbs
NVD
CVSS 3.0
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy