Skip to main content
CVE-2018-1151 CRITICAL POC Act Now

The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Buffer Overflow Tv Live Hub Firmware Tv Media Player Firmware
NVD
CVSS 3.0
9.8
EPSS
8.4%
CVE-2018-12254 HIGH POC This Week

router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ek Rishta
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-12249 HIGH POC PATCH This Week

An issue was discovered in mruby 1.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Mruby Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2018-12259 MEDIUM POC This Month

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Momentum Axel 720P Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-12258 MEDIUM POC This Month

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Momentum Axel 720P Firmware
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-12260 MEDIUM POC This Month

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Momentum Axel 720P Firmware
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-12228 MEDIUM POC This Month

An issue was discovered in Asterisk Open Source 15.x before 15.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Asterisk
NVD
CVSS 3.0
6.5
EPSS
6.8%
CVE-2018-10509 HIGH This Week

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-10508 HIGH PATCH This Week

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to use a specially crafted URL to elevate account permissions on vulnerable installations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-12261 MEDIUM POC This Month

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Momentum Axel 720P Firmware
NVD
CVSS 3.0
4.4
EPSS
0.3%
CVE-2018-12257 MEDIUM POC This Month

An issue was discovered on Momentum Axel 720P 5.1.8 devices. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Momentum Axel 720P Firmware
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2018-10507 MEDIUM POC PATCH This Month

A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Trend Micro Officescan
NVD Exploit-DB
CVSS 3.0
4.4
EPSS
1.4%
CVE-2018-5851 HIGH PATCH This Week

Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5848 HIGH PATCH This Week

In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android +5
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-5847 HIGH PATCH This Week

Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5844 HIGH PATCH This Week

In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5843 HIGH PATCH This Week

In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5842 HIGH PATCH This Week

An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3582 HIGH PATCH This Week

Buffer overflow can occur due to improper input validation in multiple WMA event handler functions in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3581 HIGH PATCH This Week

In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3576 HIGH PATCH This Week

improper validation of array index in WiFi driver function sapInterferenceRssiCount() leads to array out-of-bounds access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3572 HIGH PATCH This Week

While processing a DSP buffer in an audio driver's event handler, an index of a buffer is not checked before accessing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3571 HIGH PATCH This Week

In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-1075 HIGH This Week

ovirt-engine up to version 4.2.3 is vulnerable to an unfiltered password when choosing manual db provisioning. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ovirt
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-12233 HIGH This Week

In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2018-0496 HIGH PATCH This Week

Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 (as well as in RTsoft's Dink Smallwood HD / ProtonSDK version) before 3.14 allow an attacker to overwrite arbitrary files on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Dfarc Dfarc2 Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-2424 HIGH This Week

SAP UI5 did not validate user input before adding it to the DOM structure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Hana Database Ui Ui5 +1
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-12248 HIGH PATCH This Week

An issue was discovered in mruby 1.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Mruby
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-12247 HIGH PATCH This Week

An issue was discovered in mruby 1.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Mruby
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-1070 HIGH This Week

routing before version 3.10 is vulnerable to an improper input validation of the Openshift Routing configuration which can cause an entire shard to be brought down. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Openshift Container Platform
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-0732 HIGH PATCH This Week

During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Ubuntu Linux Debian Linux Node Js
NVD
CVSS 3.1
7.5
EPSS
49.3%
CVE-2018-5718 HIGH This Week

Improper restriction of write operations within the bounds of a memory buffer in snscore.sys in SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, SoftControl/SafenSoft Enterprise Suite. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Softcontrol Enterprise Suite Softcontrol Syswatch Softcontrol Tpsecure
NVD
CVSS 3.0
7.1
EPSS
0.3%
CVE-2018-5849 HIGH PATCH This Week

Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same. Rated high severity (CVSS 7.0).

Google Denial Of Service Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-5814 HIGH PATCH This Week

In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a. Rated high severity (CVSS 7.0).

Race Condition Denial Of Service Linux Linux Kernel Debian Linux +1
NVD
CVSS 3.0
7.0
EPSS
0.4%
CVE-2018-1103 MEDIUM PATCH This Month

Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Source To Image
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-12229 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Journal System
NVD GitHub
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-12232 MEDIUM PATCH This Month

In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.9
EPSS
6.6%
CVE-2018-3579 MEDIUM PATCH This Month

In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, event->num_entries_in_page is a value received from firmware that is not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Google Mozilla +1
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-5803 MEDIUM This Month

In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Debian Linux Virtualization Host +3
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-2425 MEDIUM This Month

Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SAP Business One
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-10470 MEDIUM This Month

Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Little Snitch
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2018-2428 MEDIUM This Month

Under certain conditions SAP UI5 Handler allows an attacker to access information which would otherwise be restricted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Infrastructure Ui
NVD
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-12227 MEDIUM PATCH This Month

An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Asterisk Certified Asterisk Debian Linux
NVD
CVSS 3.0
5.3
EPSS
3.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy