Skip to main content
CVE-2018-11218 CRITICAL POC PATCH THREAT Act Now

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Memory Corruption Buffer Overflow Debian Linux Communications Operations Monitor +1
NVD GitHub
CVSS 3.0
9.8
EPSS
58.5%
CVE-2018-11219 CRITICAL POC PATCH Act Now

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Redis Buffer Overflow Debian Linux Communications Operations Monitor +1
NVD GitHub
CVSS 3.0
9.8
EPSS
7.1%
CVE-2018-10997 CRITICAL POC Act Now

Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Etereweb
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-10969 CRITICAL POC Act Now

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Pie Register
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.3%
CVE-2018-12326 HIGH POC PATCH This Week

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Redis RCE Buffer Overflow
NVD GitHub Exploit-DB
CVSS 3.0
8.4
EPSS
2.7%
CVE-2018-12104 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Knowledge Repo
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-12072 CRITICAL Act Now

An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Popcorn A 200 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12071 CRITICAL PATCH Act Now

A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Codeigniter
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-12026 CRITICAL PATCH Act Now

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Passenger
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-12338 CRITICAL Act Now

Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure System Management Appliance
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12336 CRITICAL Act Now

Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12027 HIGH PATCH This Week

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Passenger
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-12333 HIGH This Week

Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2018-12330 HIGH This Week

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-12028 HIGH PATCH This Week

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Passenger
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-12334 HIGH This Week

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-12454 HIGH This Week

The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 1000 Guess
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-12331 HIGH This Week

Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass System Management Appliance
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-12335 HIGH This Week

Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure System Management Appliance
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2018-12029 HIGH PATCH This Week

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Nginx Passenger Debian Linux
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-11647 MEDIUM PATCH This Month

index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oauth2Orize Fprm
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-12329 MEDIUM This Month

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-10377 MEDIUM This Month

PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Burp Suite
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-12073 MEDIUM This Month

An issue was discovered on Eminent EM4544 9.10 devices. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

XSS Em4544
NVD GitHub
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-12337 MEDIUM This Month

Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2018-12332 MEDIUM This Month

Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy