Skip to main content
CVE-2018-12601 CRITICAL POC Act Now

There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Sam2P Debian Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-6213 CRITICAL POC Act Now

In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass D-Link Dir 620 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-12327 CRITICAL POC THREAT Act Now

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Ntp
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
29.0%
CVE-2018-1132 CRITICAL POC Act Now

A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Red Hat Sdninterfaceapp
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
2.9%
CVE-2018-12600 HIGH POC This Week

In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ubuntu Linux Debian Linux Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-12599 HIGH POC This Week

In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ubuntu Linux Debian Linux Imagemagick
NVD GitHub
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-6563 HIGH POC This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Encryption Gateway
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-12604 HIGH POC THREAT This Week

GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Greencms
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
13.3%
CVE-2018-6211 HIGH POC This Week

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 620 Firmware
NVD
CVSS 3.0
7.2
EPSS
5.8%
CVE-2018-6212 MEDIUM POC This Month

On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS D-Link Dir 620 Firmware
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0314 CRITICAL Act Now

A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Cisco Nexus 7000 Firmware Nexus 5000 Firmware +3
NVD
CVSS 3.0
9.8
EPSS
6.0%
CVE-2018-0312 CRITICAL Act Now

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Cisco Nexus 7000 Firmware +4
NVD
CVSS 3.0
9.8
EPSS
5.7%
CVE-2018-0308 CRITICAL Act Now

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Cisco Nexus 7000 Firmware +4
NVD
CVSS 3.0
9.8
EPSS
5.7%
CVE-2018-0304 CRITICAL Act Now

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Cisco Nexus 7000 Firmware +4
NVD
CVSS 3.0
9.8
EPSS
8.7%
CVE-2018-0301 CRITICAL Act Now

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Cisco Nx Os
NVD
CVSS 3.0
9.8
EPSS
17.7%
CVE-2018-1117 CRITICAL Act Now

ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ovirt Ansible Roles Enterprise Virtualization
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-1120 MEDIUM POC PATCH This Month

A flaw was found affecting the Linux kernel before version 4.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Heap Overflow Linux Denial Of Service Buffer Overflow Linux Kernel +6
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
7.3%
CVE-2018-0330 HIGH This Week

A vulnerability in the NX-API management application programming interface (API) in devices running, or based on, Cisco NX-OS Software could allow an authenticated, remote attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nx Os
NVD
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-0293 HIGH This Week

A vulnerability in role-based access control (RBAC) for Cisco NX-OS Software could allow an authenticated, remote attacker to execute CLI commands that should be restricted for a nonadministrative. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nx Os
NVD
CVSS 3.0
8.8
EPSS
4.8%
CVE-2018-0292 HIGH This Week

A vulnerability in the Internet Group Management Protocol (IGMP) Snooping feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code and gain full. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Cisco Nx Os
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-5428 HIGH This Week

The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Data Virtualization
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-10841 HIGH PATCH This Week

glusterfs is vulnerable to privilege escalation on gluster server nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Glusterfs Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2018-5237 HIGH This Week

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Protection
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-0307 HIGH This Week

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Cisco Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2018-11707 HIGH This Week

FastStone Image Viewer 6.2 has a User Mode Read and Execute AV at 0x0057898e, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-11706 HIGH This Week

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578dd8, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-11705 HIGH This Week

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cc4, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-11704 HIGH This Week

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d7d, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-11703 HIGH This Week

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00402d6a, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-11702 HIGH This Week

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x00578cb3, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-11701 HIGH This Week

FastStone Image Viewer 6.2 has a User Mode Write AV at 0x005cb509, triggered when the user opens a malformed JPEG file that is mishandled by FSViewer.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Image Viewer
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-12594 HIGH This Week

Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated the Master. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mach Prowebcom Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2018-0295 HIGH This Week

A vulnerability in the Border Gateway Protocol (BGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-12558 HIGH This Week

The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-12592 HIGH This Week

Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Realpresence Web Suite
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-8030 HIGH PATCH This Week

A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Qpid Broker J
NVD
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-12591 HIGH This Week

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an improperly neutralized element in an OS command due to lack of protection on the admin CLI, leading to code execution and privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Ubiquiti Command Injection Edgeswitch Firmware
NVD
CVSS 3.0
7.2
EPSS
1.9%
CVE-2018-12590 HIGH This Week

Ubiquiti Networks EdgeSwitch version 1.7.3 and prior suffer from an externally controlled format-string vulnerability due to lack of protection on the admin CLI, leading to code execution and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Ubiquiti Edgeswitch Firmware
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2018-0294 MEDIUM This Month

A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to configure an unauthorized administrator account for an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Nx Os Firepower Extensible Operating System Fxos
NVD
CVSS 3.0
6.7
EPSS
0.5%
CVE-2018-0291 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-5236 MEDIUM This Month

Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Race Condition Information Disclosure Endpoint Protection
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-9036 MEDIUM This Month

CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Canopy
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-12446 LOW Monitor

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. Rated low severity (CVSS 3.6). No vendor patch available.

Google Authentication Bypass Dropbox
NVD GitHub
CVSS 3.0
3.6
EPSS
0.3%
CVE-2018-12445 LOW Monitor

An issue was discovered in the com.dropbox.android application 98.2.2 for Android. Rated low severity (CVSS 3.1), this vulnerability is no authentication required. No vendor patch available.

Google Authentication Bypass Dropbox
NVD GitHub
CVSS 3.0
3.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy