Skip to main content
CVE-2018-8905 HIGH POC PATCH This Week

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libtiff Debian Linux Ubuntu Linux +3
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2018-5349 HIGH POC This Week

A vulnerability has been found in Heimdal PRO v2.2.190, but it is most likely also present in Heimdal FREE and Heimdal CORP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Heimdal
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8904 HIGH POC This Week

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Windows Optimization Master
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8896 HIGH POC This Week

In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8895 HIGH POC This Week

In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8894 HIGH POC This Week

In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8909 HIGH POC This Week

The Wire application before 2018-03-07 for Android allows attackers to write to pathnames outside of the downloads directory via a ../ in a filename of a received file, related to AssetService.scala. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Path Traversal Wire
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-5731 HIGH POC This Week

An issue was discovered in Heimdal PRO 2.2.190. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Heimdal
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-7524 HIGH This Week

A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-5504 HIGH This Week

In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.0
8.1
EPSS
4.5%
CVE-2018-0552 HIGH This Week

Untrusted search path vulnerability in The installer of PhishWall Client Firefox and Chrome edition for Windows Ver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Mozilla Microsoft Information Disclosure Phishwall Client
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-0540 HIGH This Week

Untrusted search path vulnerability in ViX version 2.21.148.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vix
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-5509 HIGH This Week

On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically configured virtual server receives traffic of an undisclosed nature, TMM will crash and take the configured failover action,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Application Security Manager +4
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-5503 HIGH This Week

On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may restart when processing a specifically crafted page through a virtual server with an associated PEM policy that has content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Policy Enforcement Manager
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-5502 HIGH This Week

On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-0542 HIGH This Week

Directory traversal vulnerability in WebProxy version 1.7.8 allows an attacker to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Webproxy
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-7516 HIGH This Week

A server-side request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which could lead to proxied network. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF G Cam Efd 2250 Firmware Topfd 2125 Firmware
NVD
CVSS 3.0
7.3
EPSS
1.1%
CVE-2018-1448 HIGH This Week

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy