Skip to main content
CVE-2018-11243 HIGH POC This Week

PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Upx
NVD GitHub
CVSS 3.0
7.8
EPSS
2.5%
CVE-2018-11237 HIGH POC PATCH This Week

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Glibc Virtualization Host Enterprise Linux Desktop +7
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-1000400 HIGH PATCH This Week

Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Kubernetes Cri O
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-9250 HIGH PATCH This Week

interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi PHP Openemr
NVD GitHub
CVSS 3.0
8.8
EPSS
31.5%
CVE-2018-10967 HIGH This Week

On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE D-Link Command Injection Dir 550A Firmware Dir 604M Firmware
NVD
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-8867 HIGH This Week

In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pacsystems Rx3I Cpe305 Firmware Pacsystems Rx3I Cpe310 Firmware Rx3I Cpe330 Firmware Rx3I Cpe 400 Firmware +4
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-6562 HIGH This Week

totemomail Encryption Gateway before 6.0_b567 allows remote attackers to obtain sensitive information about user sessions and encryption key material via a JSONP hijacking attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Totemomail Encryption Gateway
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2018-8015 HIGH PATCH This Week

In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an endlessly recursive function call in the C++ or Java parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache Buffer Overflow Orc
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-5256 HIGH This Week

CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before 1.8.4-tectonic.3 mounts a direct proxy to the kubernetes cluster at /api/kubernetes/ which is accessible without authentication to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Tectonic
NVD
CVSS 3.1
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy