Skip to main content
CVE-2018-9233 HIGH POC This Week

Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Sophos Information Disclosure Endpoint Protection
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-1000153 HIGH PATCH This Week

A cross-site request forgery vulnerability exists in Jenkins vSphere Plugin 2.16 and older in Clone.java, CloudSelectorParameter.java, ConvertToTemplate.java, ConvertToVm.java, Delete.java,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java CSRF Jenkins Denial Of Service Vsphere
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-1000146 HIGH PATCH This Week

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Liquibase Runner
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-3624 HIGH This Week

Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Intel RCE Buffer Overflow 2G Modem Firmware
NVD
CVSS 3.0
8.3
EPSS
1.3%
CVE-2018-1000142 HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin version 1.39.0 and older in GhprbCause.java that allows an attacker with local file system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github Pull Request Builder
NVD
CVSS 3.0
7.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy