Skip to main content
CVE-2018-8736 HIGH POC THREAT Act Now

A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to leverage an RCE vulnerability escalating to root. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Nagios Xi
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
46.9%
CVE-2018-8735 HIGH POC THREAT Act Now

Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary commands on the target system, aka OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nagios Xi
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
64.2%
CVE-2018-1000158 HIGH POC This Week

cmsmadesimple version 2.2.7 contains a Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Cms Made Simple
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-1000167 HIGH POC PATCH This Week

OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Suricata Deserialization RCE Suricata Update
NVD
CVSS 3.0
7.8
EPSS
4.2%
CVE-2018-1000164 HIGH POC PATCH This Week

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gunicorn Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-10193 HIGH POC This Week

LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lastpass
NVD
CVSS 3.0
7.5
EPSS
4.8%
CVE-2018-5342 HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure PostgreSQL Manageengine Desktop Central
NVD
CVSS 3.0
7.2
EPSS
3.8%
CVE-2018-5340 HIGH POC This Week

An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Information Disclosure Manageengine Desktop Central
NVD
CVSS 3.0
7.2
EPSS
5.2%
CVE-2018-10204 HIGH This Week

PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation vulnerability in its "sevpnclient" service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Purevpn
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-7240 HIGH This Week

A vulnerability exists in Schneider Electric's Modicon Quantum in all versions of the communication modules which could allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow RCE Denial Of Service Memory Corruption +13
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-1088 HIGH PATCH This Week

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Gluster Storage Virtualization Virtualization Host Enterprise Linux Server +2
NVD
CVSS 3.1
8.1
EPSS
5.4%
CVE-2018-1240 HIGH This Week

Dell EMC ViPR Controller, versions after 3.0.0.38, contain an information exposure vulnerability in the VRRP. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Information Disclosure Vipr Controller
NVD
CVSS 3.0
8.0
EPSS
0.5%
CVE-2018-1274 HIGH PATCH This Week

Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Spring Data Commons Spring Data Rest
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-10194 HIGH This Week

The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Ghostscript Ubuntu Linux Debian Linux +6
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-7762 HIGH This Week

A vulnerability exists in the web services to process SOAP requests in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow result in a buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-7759 HIGH This Week

A buffer overflow vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Bmxnor0200 Firmware Bmxnor0200H Firmware 140Cpu65150 Firmware +54
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1000165 HIGH PATCH This Week

LightSAML version prior to 1.3.5 contains a Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Lightsaml
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-6413 HIGH This Week

There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of V4.1.2 build 160203 and before, and this vulnerability allows remote attackers to launch a denial of service attack (service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Hikvision Denial Of Service Buffer Overflow Ds 2Cd9111 S Firmware
NVD
CVSS 3.0
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy