Skip to main content
CVE-2018-12613 HIGH POC PATCH THREAT Act Now

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Phpmyadmin
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
98.5%
CVE-2018-12630 CRITICAL POC Act Now

NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Nmcms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-12631 HIGH POC This Week

Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Redatam
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
3.3%
CVE-2018-12617 HIGH POC PATCH THREAT This Week

qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Qemu Ubuntu Linux Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
25.3%
CVE-2018-7679 CRITICAL Act Now

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Solutions Business Manager
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-12526 CRITICAL Act Now

Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sdt Cs3B1 Firmware Sdt Cw3B1 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-0712 CRITICAL Act Now

Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20180402, QTS 4.3.4 build 20180413 and their earlier versions could allow remote attackers to run. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qts
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-0310 CRITICAL Act Now

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to obtain sensitive information from memory or. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os Firepower Extensible Operating System
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-12632 MEDIUM POC This Month

Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Redatam
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
1.4%
CVE-2018-0365 HIGH This Week

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Secure Firewall Management Center Firepower Appliance 8360 Firmware Firepower Management Center 2500 Firmware +29
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-0364 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Unified Communications Domain Manager
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-0363 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (formerly CUPS) could allow an unauthenticated, remote attacker to conduct a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Unified Communications Manager Im And Presence Service
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-0313 HIGH This Week

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Cisco Nx Os
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2018-0303 HIGH This Week

A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Buffer Overflow Cisco Nx Os +1
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-0305 HIGH This Week

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cisco Nexus 7000 Firmware Nexus 5000 Firmware +3
NVD
CVSS 3.0
8.6
EPSS
2.3%
CVE-2018-0337 HIGH This Week

A vulnerability in the role-based access-checking mechanisms of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2018-0306 HIGH This Week

A vulnerability in the CLI parser of Cisco NX-OS Software could allow an authenticated, local attacker to perform a command-injection attack on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Cisco Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2018-0302 HIGH This Week

A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Buffer Overflow Cisco Nx Os Firepower Extensible Operating System
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-0309 HIGH This Week

A vulnerability in the implementation of a specific CLI command and the associated Simple Network Management Protocol (SNMP) MIB for Cisco NX-OS (in standalone NX-OS mode) on Cisco Nexus 3000 and. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
7.7
EPSS
2.0%
CVE-2018-7683 HIGH This Week

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Solutions Business Manager
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-0358 HIGH This Week

A vulnerability in the file descriptor handling of Cisco TelePresence Video Communication Server (VCS) Expressway could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Telepresence Video Communication Server
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2018-0311 HIGH This Week

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Nx Os Firepower Extensible Operating System
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-0298 HIGH This Week

A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Interconnect Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Cisco Nx Os Firepower Extensible Operating System
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-0300 HIGH This Week

A vulnerability in the process of uploading new application images to Cisco FXOS on the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance could allow. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Cisco Fxos
NVD
CVSS 3.0
7.2
EPSS
7.4%
CVE-2018-0371 MEDIUM This Month

A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Meeting Server
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-0331 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol (formerly known as CDP) subsystem of devices running, or based on, Cisco NX-OS Software contain a vulnerability that could allow an unauthenticated,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os Firepower Extensible Operating System Fxos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2018-0299 MEDIUM This Month

A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco NX-OS on the Cisco Nexus 4000 Series Switch could allow an authenticated, remote attacker to cause the device to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Nx Os
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-12581 MEDIUM PATCH This Month

An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Phpmyadmin
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-7680 MEDIUM This Month

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Solutions Business Manager
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-1254 MEDIUM This Month

RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rsa Authentication Manager
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-1253 MEDIUM This Month

RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rsa Authentication Manager
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2018-3665 MEDIUM This Month

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Information Disclosure Core I3 Core I5 Core I7 +11
NVD
CVSS 3.1
5.6
EPSS
0.6%
CVE-2018-0373 MEDIUM This Month

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Cisco Anyconnect Secure Mobility Client
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-0359 MEDIUM This Month

A vulnerability in the session identification management functionality of the web-based management interface for Cisco Meeting Server could allow an unauthenticated, local attacker to hijack a valid. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Cisco Meeting Server
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-12615 MEDIUM PATCH This Month

An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Passenger
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-7681 MEDIUM This Month

Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Solutions Business Manager
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-0362 MEDIUM This Month

A vulnerability in BIOS authentication management of Cisco 5000 Series Enterprise Network Compute System and Cisco Unified Computing (UCS) E-Series Servers could allow an unauthenticated, local. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco 5400 Enterprise Network Compute System Firmware 5100 Enterprise Network Compute System Firmware Ucs E160S M3 Firmware +18
NVD
CVSS 3.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy