Skip to main content
CVE-2018-0986 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Exchange Server +5
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
61.5%
CVE-2018-9305 HIGH POC This Week

In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in iptc.c could result in a crash or information leak, related to the "== 0x1c" case. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-9205 HIGH POC THREAT This Week

Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php doesn't verify users or sanitize the file path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Avatar Uploader
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
56.9%
CVE-2018-9274 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-9273 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-9272 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-9271 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-9270 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-9269 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-9268 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-9267 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-lapd.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-9266 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-9265 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-tn3270.c has a memory leak. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-9264 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-9263 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-9262 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-9261 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector could crash with a large loop that ends with a heap-based buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-9260 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-9259 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-9258 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-9257 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-9256 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-1097 HIGH This Week

A flaw was found in foreman before 1.16.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Foreman Satellite
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-6874 HIGH PATCH This Week

CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Auth0 Js
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-9275 HIGH PATCH This Week

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Yubico Pam
NVD GitHub
CVSS 3.0
8.2
EPSS
1.5%
CVE-2018-1082 HIGH PATCH This Week

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Moodle
NVD
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-1447 HIGH PATCH This Week

The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect Snapshot 4.1.3, 4.1.4, and 4.1.6) CMS KDB logic fails to salt the hash function resulting in weaker than expected protection of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Spectrum Protect For Space Management Spectrum Protect For Virtual Environments Spectrum Protect Snapshot
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-6919 HIGH This Week

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-6918 HIGH This Week

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freebsd
NVD
CVSS 3.0
7.5
EPSS
4.4%
CVE-2018-6917 HIGH This Week

In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Freebsd
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-9234 HIGH This Week

GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gnupg Ubuntu Linux
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-1421 HIGH PATCH This Week

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Datapower Gateway
NVD
CVSS 3.0
7.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy