Skip to main content
CVE-2018-0171 CRITICAL POC KEV THREAT CISA Emergency

Cisco IOS and IOS XE Smart Install feature allows unauthenticated remote attackers to trigger device reload or execute arbitrary code through crafted packets, widely exploited to disrupt network infrastructure.

NVD Exploit-DB
CVSS 3.1
9.8
EPSS
93.0%
Threat
9.8
CVE-2018-8823 CRITICAL POC THREAT Act Now

modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Responsive Mega Menu Pro Prestashop
NVD
CVSS 3.0
9.8
EPSS
51.6%
CVE-2018-9107 HIGH POC This Week

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcyMailing extension before 5.9.6 for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Acymailing
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.4%
CVE-2018-9106 HIGH POC This Week

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the export feature in the Acyba AcySMS extension before 3.5.1 for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Acysms
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
5.6%
CVE-2018-8820 HIGH POC This Week

An issue was discovered in Square 9 GlobalForms 6.2.x. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SQLi Globalforms
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-0151 CRITICAL KEV THREAT Act Now

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Denial Of Service Apple +1
NVD
CVSS 3.1
9.8
EPSS
14.5%
CVE-2018-0150 CRITICAL Act Now

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Ios Xe
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2018-7498 CRITICAL Act Now

In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alice 6 Firmware
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2018-5451 CRITICAL Act Now

In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Alice 6 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.7%
CVE-2018-9110 CRITICAL PATCH Act Now

Studio 42 elFinder before 2.1.37 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Elfinder
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2018-9109 CRITICAL PATCH Act Now

Studio 42 elFinder before 2.1.36 has a directory traversal vulnerability in elFinder.class.php with the zipdl() function that can allow a remote attacker to download files accessible by the web. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Elfinder
NVD GitHub
CVSS 3.1
9.1
EPSS
3.0%
CVE-2018-0195 HIGH This Week

A vulnerability in the Cisco IOS XE Software REST API could allow an authenticated, remote attacker to bypass API authorization checks and use the API to perform privileged actions on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Ios Xe
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-0167 HIGH KEV THREAT This Week

Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated,. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Denial Of Service Apple +3
NVD
CVSS 3.1
8.8
EPSS
3.4%
CVE-2018-0152 HIGH This Week

A vulnerability in the web-based user interface (web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to gain elevated privileges on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2018-9108 HIGH This Week

CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Quickapps Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-0174 HIGH KEV THREAT This Week

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
7.8%
CVE-2018-0173 HIGH KEV THREAT This Week

A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
7.8%
CVE-2018-0172 HIGH KEV THREAT This Week

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
8.0%
CVE-2018-0164 HIGH This Week

A vulnerability in the Switch Integrated Security Features of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an interface queue wedge. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Apple Ios Xe
NVD
CVSS 3.0
8.6
EPSS
1.9%
CVE-2018-0158 HIGH KEV THREAT This Week

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft Denial Of Service Apple iOS +1
NVD
CVSS 3.1
8.6
EPSS
7.3%
CVE-2018-0157 HIGH This Week

A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a device to reload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
2.7%
CVE-2018-0155 HIGH KEV THREAT This Week

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco iOS Ios Xe
NVD
CVSS 3.1
8.6
EPSS
7.9%
CVE-2018-0175 HIGH KEV THREAT This Week

Format String vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Denial Of Service Apple +3
NVD
CVSS 3.1
8.0
EPSS
3.5%
CVE-2018-0193 HIGH This Week

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-0185 HIGH This Week

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-0182 HIGH This Week

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to inject arbitrary commands into the CLI of the affected software, which could allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-0176 HIGH This Week

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-0169 HIGH This Week

Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple iOS
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1083 HIGH PATCH This Week

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Privilege Escalation RCE Buffer Overflow Zsh Ubuntu Linux +4
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-0177 HIGH This Week

A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS XE Software running on Cisco Catalyst 3850 and Cisco Catalyst 3650 Series Switches could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2018-0170 HIGH This Week

A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Cisco Denial Of Service Memory Corruption Apple +1
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2018-0159 HIGH KEV THREAT This Week

A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft Denial Of Service Apple iOS +1
NVD
CVSS 3.1
7.5
EPSS
7.0%
CVE-2018-0156 HIGH KEV THREAT This Week

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
7.5
EPSS
8.3%
CVE-2018-0154 HIGH KEV THREAT This Week

A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS
NVD
CVSS 3.1
7.5
EPSS
7.2%
CVE-2018-1064 HIGH PATCH This Week

libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Debian Linux Libvirt
NVD
CVSS 3.0
7.5
EPSS
3.0%
CVE-2018-0165 HIGH This Week

A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.0
7.4
EPSS
0.7%
CVE-2018-8885 HIGH This Week

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Authentication Bypass Screen Resolution Extra Ubuntu Linux
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2018-0184 MEDIUM This Month

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-0183 MEDIUM This Month

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Xe
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-0163 MEDIUM This Month

A vulnerability in the 802.1x multiple-authentication (multi-auth) feature of Cisco IOS Software could allow an unauthenticated, adjacent attacker to bypass the authentication phase on an 802.1x. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple iOS
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2018-0161 MEDIUM KEV THREAT This Month

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Apple iOS
NVD
CVSS 3.1
6.3
EPSS
4.7%
CVE-2018-0160 MEDIUM This Month

A vulnerability in Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.0
6.3
EPSS
1.7%
CVE-2018-0190 MEDIUM This Month

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Apple Ios Xe
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0188 MEDIUM This Month

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Apple Ios Xe
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0186 MEDIUM This Month

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Apple Ios Xe
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-7674 MEDIUM This Month

The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Identity Manager
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0180 MEDIUM KEV THREAT This Month

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Apple iOS
NVD
CVSS 3.1
5.9
EPSS
5.0%
CVE-2018-0179 MEDIUM KEV THREAT This Month

Multiple vulnerabilities in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Apple iOS
NVD
CVSS 3.1
5.9
EPSS
5.0%
CVE-2018-7676 MEDIUM This Month

The NetIQ Identity Manager, in versions prior to 4.7, userapp with log / trace enabled may leak sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Identity Manager
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-1142 MEDIUM PATCH This Month

Tenable Appliance versions 4.6.1 and earlier have been found to contain a single XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Appliance
NVD
CVSS 3.0
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy