Skip to main content
CVE-2018-1060 HIGH POC This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Python Fedora Ubuntu Linux Ansible Tower +4
NVD
CVSS 3.1
7.5
EPSS
5.3%
CVE-2018-9023 HIGH This Week

An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Privileged Access Manager
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-9028 HIGH This Week

Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Privileged Access Manager
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-9026 HIGH This Week

A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Privileged Access Manager
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-9025 HIGH This Week

An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Privileged Access Manager
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1333 HIGH This Week

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Http Server Jboss Core Services Ubuntu Linux +2
NVD
CVSS 3.0
7.5
EPSS
17.1%
CVE-2018-1090 HIGH This Week

In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pulp Fedora Satellite
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-1153 HIGH This Week

Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Burp Suite
NVD
CVSS 3.0
7.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy