Skip to main content
CVE-2018-8897 HIGH POC PATCH THREAT Act Now

A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Privilege Escalation Linux Race Condition Intel +12
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
18.7%
CVE-2018-1000178 CRITICAL POC PATCH Act Now

A heap corruption of type CWE-120 exists in quassel version 0.12.4 in quasselcore in void DataStreamPeer::processMessage(const QByteArray &msg) datastreampeer.cpp line 62 that allows an attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Quassel Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-10734 CRITICAL POC Act Now

KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a backdoor that prints the login password via a Print_Password function call in certain circumstances. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D303 Firmware D305 Firmware D403 Firmware A303 Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-10809 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-10796 HIGH POC This Week

In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 2345 Security Guard
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1000179 HIGH POC This Week

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) coreauthhandler.cpp line 235 that allows an attacker to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Quassel Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-1247 HIGH POC THREAT This Week

RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Authentication Manager
NVD Exploit-DB
CVSS 3.0
7.1
EPSS
16.4%
CVE-2018-10801 MEDIUM POC This Month

TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libtiff
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-10799 MEDIUM POC This Month

A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-10798 MEDIUM POC This Month

A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-10806 MEDIUM POC This Month

An issue was discovered in Frog CMS 0.9.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Frogcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2018-10380 HIGH PATCH This Week

kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Plasma Debian Linux Leap
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1000168 HIGH This Week

nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nghttp2 Node Js Debian Linux
NVD
CVSS 3.1
7.5
EPSS
10.6%
CVE-2018-1239 HIGH This Week

Dell EMC Unity Operating Environment (OE) versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
7.2
EPSS
3.4%
CVE-2018-1000176 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Email Extension
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000175 MEDIUM PATCH This Month

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Path Traversal Html Publisher
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-10805 MEDIUM PATCH This Month

ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-10804 MEDIUM This Month

ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-1000174 MEDIUM PATCH This Month

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Jenkins Open Redirect Google Login
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-1248 MEDIUM This Month

RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Authentication Manager
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1000173 MEDIUM PATCH This Month

A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Jenkins Java Google Authentication Bypass +1
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-6921 MEDIUM This Month

In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6920 MEDIUM This Month

In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Freebsd
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6511 MEDIUM This Month

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Puppet Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-6510 MEDIUM This Month

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Puppet Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2018-1000177 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS S3 Publisher
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10812 MEDIUM This Month

The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read. Rated medium severity (CVSS 4.1). No vendor patch available.

Google Information Disclosure Apple Bitcoin Wallet
NVD GitHub
CVSS 3.0
4.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy