Skip to main content
CVE-2018-9148 CRITICAL POC Act Now

Western Digital WD My Cloud v04.05.00-320 devices embed the session token (aka PHPSESSID) in filenames, which makes it easier for attackers to bypass authentication by listing a directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass My Cloud Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-3822 CRITICAL Act Now

X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass X Pack
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2018-9143 CRITICAL Act Now

On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Samsung Samsung Mobile
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-9139 CRITICAL Act Now

On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Samsung Samsung Mobile
NVD
CVSS 3.0
9.8
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy