Skip to main content
CVE-2018-11438 HIGH POC This Week

The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Libmobi
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-11556 HIGH POC This Week

tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Little Cms
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-11555 HIGH POC This Week

tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Little Cms
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-11235 HIGH POC PATCH THREAT This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Debian Linux Ubuntu Linux Enterprise Linux +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
49.2%
CVE-2018-11481 HIGH This Week

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE TP-Link Ipc Tl Ipc223 P 6 Firmware Tl Ipc323K D Firmware Tl Ipc325 Kp Firmware +1
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-11478 HIGH This Week

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Icar 2 Wi Fi Obd2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-11476 HIGH This Week

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Icar 2 Wi Fi Obd2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-11518 HIGH This Week

A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Legacy Ivr Firmware
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2018-11233 HIGH This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Ubuntu Linux Git
NVD
CVSS 3.0
7.5
EPSS
4.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy