Skip to main content
CVE-2018-3852 HIGH POC This Week

An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ocularis
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-11553 MEDIUM POC This Month

SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xiangyun Platform
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-7510 CRITICAL Act Now

In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Scroll Medical Air Systems Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-11808 CRITICAL Act Now

Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Information Disclosure Manageengine Applications Manager
NVD GitHub
CVSS 3.0
9.1
EPSS
6.4%
CVE-2018-5850 HIGH PATCH This Week

In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Integer Overflow Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5846 HIGH PATCH This Week

A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5841 HIGH PATCH This Week

dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5840 HIGH PATCH This Week

Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3580 HIGH PATCH This Week

Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Google Mozilla Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3578 HIGH PATCH This Week

Type mismatch for ie_len can cause the WLAN driver to allocate less memory on the heap due to implicit casting leading to a heap buffer overflow in all Android releases from CAF (Android for MSM,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-3565 HIGH PATCH This Week

While sending a probe request indication in lim_send_sme_probe_req_ind() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1000203 HIGH This Week

Soar Labs Soar Coin version up to and including git commit 4a2aa71ee21014e2880a3f7aad11091ed6ad434f (latest release as of Sept 2017) contains an intentional backdoor vulnerability in the function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Soarcoin
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-11813 HIGH This Week

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libjpeg
NVD GitHub
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-1265 HIGH This Week

Cloud Foundry Diego, release versions prior to 2.8.0, does not properly sanitize file paths in tar and zip files headers. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cf Deployment Cloud Foundry Diego
NVD
CVSS 3.0
7.2
EPSS
1.8%
CVE-2018-1456 HIGH PATCH This Week

IBM Rhapsody DM 5.0 through 5.0.2 and 6.0 through 6.0.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Rational Rhapsody Design Manager Rational Software Architect Design Manager
NVD
CVSS 3.0
7.1
EPSS
2.0%
CVE-2018-5845 HIGH PATCH This Week

A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Google Denial Of Service Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-1268 MEDIUM This Month

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Loggregator
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2018-1269 MEDIUM This Month

Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not handle errors thrown while constructing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Loggregator
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-3562 MEDIUM PATCH This Month

Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-10198 MEDIUM PATCH This Month

An issue was discovered in OTRS 6.0.x before 6.0.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Otrs
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy