Skip to main content
CVE-2018-7532 CRITICAL POC Act Now

Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.0
9.8
EPSS
7.9%
CVE-2018-5225 CRITICAL Act Now

In browser editing in Atlassian Bitbucket Server from version 4.13.0 before 5.4.8 (the fixed version for 4.13.0 through 5.4.7), 5.5.0 before 5.5.8 (the fixed version for 5.5.x), 5.6.0 before 5.6.5. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Atlassian RCE Bitbucket
NVD
CVSS 3.0
9.9
EPSS
3.6%
CVE-2018-8944 CRITICAL Act Now

PHPOK 4.8.338 has an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Phpok
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-8943 CRITICAL Act Now

There is a SQL injection in the PHPSHE 1.6 userbank parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Phpshe
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-7520 CRITICAL Act Now

An improper access control vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could allow a full configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2018-0541 CRITICAL Act Now

Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to cause a denial-of-service (DoS) condition or execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Tinyftp
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-0539 CRITICAL Act Now

QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qqq Systems
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-7528 CRITICAL Act Now

An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.0
9.1
EPSS
1.6%
CVE-2018-1426 CRITICAL Act Now

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
9.1
EPSS
2.5%
CVE-2018-8936 CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Amd Ryzen Mobile Firmware Ryzen Pro Firmware Epyc Server Firmware +1
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8935 CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8934 CRITICAL Act Now

The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.8%
CVE-2018-8933 CRITICAL Act Now

The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Epyc Server Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8932 CRITICAL Act Now

The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8931 CRITICAL Act Now

The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware Ryzen Pro Firmware Ryzen Firmware
NVD
CVSS 3.0
9.0
EPSS
1.7%
CVE-2018-8930 CRITICAL Act Now

The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Amd Information Disclosure Ryzen Mobile Firmware Ryzen Pro Firmware Epyc Server Firmware +1
NVD
CVSS 3.0
9.0
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy