Skip to main content
CVE-2018-11243 HIGH POC This Week

PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Upx
NVD GitHub
CVSS 3.0
7.8
EPSS
2.5%
CVE-2018-11237 HIGH POC PATCH This Week

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Glibc Virtualization Host Enterprise Linux Desktop +7
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-11256 MEDIUM POC This Month

An issue was discovered in PoDoFo 0.9.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11251 MEDIUM POC This Month

In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-11248 CRITICAL Act Now

util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an attachment's name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Filedownloader
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-11236 CRITICAL PATCH Act Now

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Glibc Virtualization Host +7
NVD
CVSS 3.0
9.8
EPSS
7.4%
CVE-2018-10968 CRITICAL Act Now

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 550A Firmware Dir 604M Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-11255 MEDIUM POC This Month

An issue was discovered in PoDoFo 0.9.5. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-1000400 HIGH PATCH This Week

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes Cri O
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-9250 HIGH PATCH This Week

interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
31.5%
CVE-2018-10967 HIGH This Week

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE D-Link Command Injection Dir 550A Firmware Dir 604M Firmware
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-8867 HIGH This Week

In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pacsystems Rx3I Cpe305 Firmware Pacsystems Rx3I Cpe310 Firmware Rx3I Cpe330 Firmware Rx3I Cpe 400 Firmware +4
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-6562 HIGH This Week

totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Totemomail Encryption Gateway
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2018-8015 HIGH PATCH This Week

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache Buffer Overflow Orc
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-5256 HIGH This Week

CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Tectonic
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-1148 MEDIUM This Month

In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Nessus
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-11245 MEDIUM PATCH This Month

app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-10307 MEDIUM PATCH This Month

error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ilias
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-10306 MEDIUM PATCH This Month

Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ilias
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-11254 MEDIUM This Month

An issue was discovered in PoDoFo 0.9.5. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-11232 MEDIUM PATCH This Month

The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1147 MEDIUM This Month

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nessus
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-11244 MEDIUM This Month

The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Bbe Theme
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-8849 MEDIUM This Month

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure N Vision 8840 Firmware N Vision 8870 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy