Skip to main content
CVE-2018-10058 HIGH POC This Week

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Cgminer Bfgminer
NVD GitHub
CVSS 3.0
8.8
EPSS
3.9%
CVE-2018-11740 HIGH POC This Week

An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow The Sleuth Kit
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-11739 HIGH POC This Week

An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow The Sleuth Kit
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-11738 HIGH POC This Week

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow The Sleuth Kit
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-11737 HIGH POC This Week

An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow The Sleuth Kit
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-10966 HIGH POC PATCH This Week

An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Gamerpolls
NVD GitHub
CVSS 3.0
7.3
EPSS
1.6%
CVE-2018-10813 HIGH POC This Week

In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Dedos Web
NVD GitHub
CVSS 3.0
7.3
EPSS
1.1%
CVE-2018-1000189 HIGH PATCH This Week

A command execution vulnerability exists in Jenkins Absint Astree Plugin 1.0.5 and older in AstreeBuilder.java that allows attackers with Overall/Read access to execute a command on the Jenkins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Absint Astree
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-7943 HIGH This Week

There is an authentication bypass vulnerability in some Huawei servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Huawei 1288H V5 Firmware 2288H V5 Firmware 2488 V5 Firmware +17
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-1252 HIGH This Week

RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Web Threat Detection
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-10597 HIGH This Week

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Intellivue Mp2 Firmware Intellivue X2 Firmware Intellivue Mp30 Firmware Intellivue Mp50 Firmware +14
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2018-10601 HIGH This Week

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon. Rated high severity (CVSS 8.2), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Stack Overflow Intellivue Mp2 Firmware Intellivue X2 Firmware Intellivue Mp30 Firmware +15
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2018-1000197 HIGH PATCH This Week

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins Black Duck Hub
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-1000194 HIGH PATCH This Week

A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Path Traversal Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2018-7884 HIGH This Week

An issue was discovered in DisplayLink Core Software Cleaner Application 8.2.1956. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Core Software Cleaner
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-6662 HIGH This Week

Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Management Of Native Encryption
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2018-1000181 HIGH This Week

Kitura 2.3.0 and earlier have an unintended read access to unauthorised files and folders that can be exploited by a crafted URL resulting in information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kitura
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-1000180 HIGH PATCH This Week

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bc Java Fips Java Api Debian Linux Api Gateway +16
NVD GitHub
CVSS 3.0
7.5
EPSS
3.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy