Skip to main content
CVE-2018-11218 CRITICAL POC PATCH THREAT Act Now

Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Redis Memory Corruption Buffer Overflow Debian Linux Communications Operations Monitor +1
NVD GitHub
CVSS 3.0
9.8
EPSS
58.5%
CVE-2018-11219 CRITICAL POC PATCH Act Now

An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Redis Buffer Overflow Debian Linux Communications Operations Monitor +1
NVD GitHub
CVSS 3.0
9.8
EPSS
7.1%
CVE-2018-10997 CRITICAL POC Act Now

Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Etereweb
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-10969 CRITICAL POC Act Now

SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Pie Register
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
5.3%
CVE-2018-12072 CRITICAL Act Now

An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Popcorn A 200 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12071 CRITICAL PATCH Act Now

A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Codeigniter
NVD GitHub
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-12026 CRITICAL PATCH Act Now

During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Passenger
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-12338 CRITICAL Act Now

Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure System Management Appliance
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12336 CRITICAL Act Now

Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy