Skip to main content
CVE-2018-12265 HIGH POC This Week

Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-12264 HIGH POC This Week

Exiv2 0.26 has integer overflows in LoaderTiff::getData() in preview.cpp, leading to an out-of-bounds read in Exiv2::ValueType::setDataArea in value.hpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Exiv2 Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-10408 HIGH POC This Week

An issue was discovered in VirusTotal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Virustotal
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-10406 HIGH POC PATCH This Week

An issue was discovered in Yelp OSXCollector. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Osxcollector
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-10405 HIGH POC This Week

An issue was discovered in Google Santa and molcodesignchecker. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Apple Santa
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-10404 HIGH POC This Week

An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Knockknock Lulu Procinfo +2
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-10403 HIGH POC This Week

An issue was discovered in F-Secure XFENCE and Little Flocker. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Xfence
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-12019 HIGH POC This Week

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-12354 HIGH This Week

Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Knowage
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-11406 HIGH PATCH This Week

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Symfony Debian Linux
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-12263 HIGH This Week

portfolioCMS 1.0.5 allows upload of arbitrary .php files via the admin/portfolio.php?newpage=true URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Portfoliocms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-11806 HIGH PATCH This Week

m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Qemu Ubuntu Linux Openstack +8
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2018-11385 HIGH PATCH This Week

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Symfony Debian Linux Fedora
NVD
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-12321 HIGH PATCH This Week

There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Java Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-12320 HIGH PATCH This Week

There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Java Memory Corruption Denial Of Service Use After Free Radare2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-1431 HIGH This Week

A vulnerability in GSKit affects IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.3, and 5.0.0 that could allow a local attacker to obtain control of the Spectrum Scale daemon and to access and modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure General Parallel File System Spectrum Scale
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-10363 HIGH This Week

An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Booking Calendar
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-7167 HIGH This Week

Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Node.js Node Js
NVD
CVSS 3.1
7.5
EPSS
7.2%
CVE-2018-7164 HIGH This Week

Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js
NVD
CVSS 3.1
7.5
EPSS
6.4%
CVE-2018-7162 HIGH This Week

All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Node.js Node Js
NVD
CVSS 3.1
7.5
EPSS
7.0%
CVE-2018-7161 HIGH PATCH This Week

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Node.js Node Js
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2018-12291 HIGH PATCH This Week

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synapse
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy