Skip to main content
CVE-2018-9022 CRITICAL POC THREAT Act Now

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation RCE Privileged Access Manager
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
20.4%
CVE-2018-9021 CRITICAL POC THREAT Act Now

An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Privilege Escalation Privileged Access Manager
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
19.4%
CVE-2018-12531 CRITICAL POC Act Now

An issue was discovered in MetInfo 6.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Metinfo
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-12532 CRITICAL POC Act Now

JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Richfaces
NVD
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-1060 HIGH POC This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Python Fedora Ubuntu Linux Ansible Tower +4
NVD
CVSS 3.1
7.5
EPSS
5.3%
CVE-2018-12530 MEDIUM POC This Month

An issue was discovered in MetInfo 6.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Path Traversal PHP Metinfo
NVD GitHub
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-10623 CRITICAL Act Now

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure RCE Buffer Overflow Delta Industrial Automation Dopsoft
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-10621 CRITICAL Act Now

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Delta Industrial Automation Dopsoft
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-10617 CRITICAL Act Now

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow RCE Buffer Overflow Delta Industrial Automation Dopsoft
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2018-9029 CRITICAL Act Now

An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Privileged Access Manager
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-12534 CRITICAL Act Now

A SQL injection issue was discovered in the Quick Chat plugin before 4.00 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Quick Chat
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12533 CRITICAL Act Now

JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Richfaces
NVD
CVSS 3.0
9.8
EPSS
21.4%
CVE-2018-12525 MEDIUM POC This Month

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monitoring And Debugging Dashboard
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
7.2%
CVE-2018-12524 MEDIUM POC This Month

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monitoring And Debugging Dashboard
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
7.2%
CVE-2018-12523 MEDIUM POC This Month

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monitoring And Debugging Dashboard
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
7.2%
CVE-2018-12522 MEDIUM POC This Month

An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Monitoring And Debugging Dashboard
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
7.2%
CVE-2018-9023 HIGH This Week

An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Privileged Access Manager
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-9028 HIGH This Week

Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Privileged Access Manager
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-9026 HIGH This Week

A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Privileged Access Manager
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-9025 HIGH This Week

An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Privileged Access Manager
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1333 HIGH This Week

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Http Server Jboss Core Services Ubuntu Linux +2
NVD
CVSS 3.0
7.5
EPSS
17.1%
CVE-2018-1090 HIGH This Week

In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pulp Fedora Satellite
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1153 HIGH This Week

Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Burp Suite
NVD
CVSS 3.0
7.4
EPSS
0.5%
CVE-2018-1152 MEDIUM PATCH This Month

libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libjpeg Turbo Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.4%
CVE-2018-9027 MEDIUM This Month

A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ca Privileged Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-9024 MEDIUM This Month

An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privileged Access Manager
NVD
CVSS 3.0
5.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy