Skip to main content
CVE-2018-1000140 CRITICAL POC PATCH Act Now

rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow vulnerability in the checking of x509 certificates from a peer that can result in Remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Buffer Overflow Librelp Debian Linux +7
NVD GitHub
CVSS 3.0
9.8
EPSS
9.7%
CVE-2018-1207 CRITICAL POC THREAT Act Now

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Dell RCE Emc Idrac7 Emc Idrac8
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
90.8%
CVE-2018-1000138 CRITICAL POC Act Now

I, Librarian version 4.8 and earlier contains a SSRF vulnerability in "url" parameter of getFromWeb in functions.php that can result in the attacker abusing functionality on the server to read or. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP I Librarian
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2018-1000141 CRITICAL Act Now

I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation PHP I Librarian
NVD GitHub
CVSS 3.1
9.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy