Skip to main content
CVE-2018-3639 MEDIUM POC PATCH THREAT This Month

Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 46.0%.

Authentication Bypass Atom C Atom E Atom X5 E3930 Atom X5 E3940 +278
NVD Exploit-DB VulDB
CVSS 3.1
5.5
EPSS
46.0%
Threat
4.0
CVE-2018-10094 CRITICAL POC PATCH THREAT Act Now

SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Dolibarr
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
71.2%
CVE-2018-11373 CRITICAL POC Act Now

iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-11372 CRITICAL POC Act Now

iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Eswap
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-11369 CRITICAL POC Act Now

An issue was discovered in PbootCMS v1.0.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Pbootcms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-11371 HIGH POC This Week

SkyCaiji 1.2 allows CSRF to add an Administrator user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Skycaiji
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-11345 HIGH POC This Week

An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Path Traversal As6202T Firmware
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-10092 HIGH POC PATCH This Week

The admin panel in Dolibarr before 7.0.2 might allow remote attackers to execute arbitrary commands by leveraging support for updating the antivirus command and parameters used to scan file uploads. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Dolibarr
NVD GitHub
CVSS 3.0
8.0
EPSS
2.0%
CVE-2018-11365 HIGH POC This Week

sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Readstat
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-11364 HIGH POC This Week

sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Readstat
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-11363 HIGH POC PATCH This Week

jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Pdfgen
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-11341 HIGH POC This Week

Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal As6202T Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-11340 HIGH POC This Week

An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload As6202T Firmware
NVD GitHub
CVSS 3.0
7.2
EPSS
2.1%
CVE-2018-11344 MEDIUM POC This Month

A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal As6202T Firmware
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-10095 MEDIUM POC PATCH THREAT This Month

Cross-site scripting (XSS) vulnerability in Dolibarr before 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Dolibarr
NVD GitHub
CVSS 3.0
6.1
EPSS
87.0%
CVE-2018-11366 MEDIUM POC PATCH This Month

init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS PHP Loginizer
NVD
CVSS 3.0
6.1
EPSS
2.2%
CVE-2018-11339 MEDIUM POC This Month

An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Erpnext
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
4.0%
CVE-2018-9019 CRITICAL PATCH Act Now

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Dolibarr Data Integrator
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-11325 CRITICAL Act Now

An issue was discovered in Joomla!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-11343 MEDIUM POC This Month

A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Soundsgood
NVD GitHub
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-6493 HIGH This Week

SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Network Operations Management Ultimate Network Automation
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-11323 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Joomla
NVD
CVSS 3.0
8.8
EPSS
3.2%
CVE-2018-11346 MEDIUM POC This Month

An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure As6202T Firmware
NVD GitHub
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-11342 MEDIUM POC This Month

A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal As6202T Firmware
NVD GitHub
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-11378 HIGH PATCH This Week

The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-6962 HIGH This Week

VMware Fusion (10.x before 10.1.2) contains a signature bypass vulnerability which may lead to a local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11362 HIGH This Week

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-11361 HIGH This Week

In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wireshark
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-11360 HIGH This Week

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.5%
CVE-2018-11359 HIGH This Week

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-11358 HIGH This Week

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-11357 HIGH This Week

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-11356 HIGH This Week

In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-11355 HIGH This Week

In Wireshark 2.6.0, the RTCP dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wireshark
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-11354 HIGH This Week

In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-11322 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

File Upload PHP Joomla
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-11367 HIGH This Week

An issue was discovered in CppCMS before 1.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cppcms
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-11329 HIGH This Week

The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ether Cartel
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-11321 MEDIUM This Month

An issue was discovered in com_fields in Joomla!. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Joomla
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-6492 MEDIUM This Month

Persistent Cross-Site Scripting, and non-persistent HTML Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP XSS Network Operations Management Ultimate Network Automation
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-11093 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link (A) element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ckeditor 5 Link
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2018-6378 MEDIUM This Month

In Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-11324 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Joomla
NVD
CVSS 3.0
5.9
EPSS
1.3%
CVE-2018-3640 MEDIUM PATCH This Month

Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local. Rated medium severity (CVSS 5.6).

Authentication Bypass Atom C Atom E Atom Z Celeron J +195
NVD
CVSS 3.0
5.6
EPSS
7.6%
CVE-2018-11384 MEDIUM PATCH This Month

The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-11383 MEDIUM PATCH This Month

The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-11382 MEDIUM PATCH This Month

The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-11381 MEDIUM PATCH This Month

The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-11380 MEDIUM PATCH This Month

The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-11379 MEDIUM PATCH This Month

The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy