Skip to main content
CVE-2018-12447 HIGH POC This Week

The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.8 and other products, has an integer overflow that leads to a heap-based buffer overflow and remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Libbpg
NVD GitHub
CVSS 3.0
8.8
EPSS
3.8%
CVE-2018-12035 HIGH POC PATCH This Week

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Yara
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-12034 HIGH POC PATCH This Week

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Yara
NVD GitHub
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-1460 HIGH POC This Week

IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation IBM Puredata System For Analytics
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-12492 HIGH POC This Week

PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Phpok
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-12457 HIGH PATCH This Week

expressCart before 1.1.6 allows remote attackers to create an admin user via a /admin/setup Referer header. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Expresscart
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-5863 HIGH PATCH This Week

If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5857 HIGH PATCH This Week

In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5854 HIGH PATCH This Week

A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Google Mozilla Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy