Skip to main content
CVE-2018-12326 HIGH POC PATCH This Week

Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Redis RCE Buffer Overflow
NVD GitHub Exploit-DB
CVSS 3.0
8.4
EPSS
2.7%
CVE-2018-12027 HIGH PATCH This Week

An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Passenger
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-12333 HIGH This Week

Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2018-12330 HIGH This Week

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
8.1
EPSS
0.8%
CVE-2018-12028 HIGH PATCH This Week

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Passenger
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-12334 HIGH This Week

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Secure Boot Stick Firmware
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-12454 HIGH This Week

The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 1000 Guess
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-12331 HIGH This Week

Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass System Management Appliance
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-12335 HIGH This Week

Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure System Management Appliance
NVD
CVSS 3.0
7.3
EPSS
0.4%
CVE-2018-12029 HIGH PATCH This Week

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently. Rated high severity (CVSS 7.0). No vendor patch available.

Race Condition Privilege Escalation Nginx Passenger Debian Linux
NVD
CVSS 3.0
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy