Skip to main content
CVE-2018-1000520 HIGH This Week

ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mbed Tls
NVD GitHub
CVSS 3.0
7.5
EPSS
0.7%
CVE-2018-10852 HIGH This Week

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Sssd Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-0584 HIGH This Week

IIJ SmartKey App for Android version 2.1.0 and earlier allows remote attackers to bypass authentication [effect_of_bypassing_authentication] via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Smartkey
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-1000605 HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Collabnet
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-0611 HIGH This Week

The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Ana
NVD
CVSS 3.0
7.4
EPSS
0.5%
CVE-2018-4860 HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Command Injection Scalance M875 Firmware
NVD
CVSS 3.0
7.2
EPSS
3.7%
CVE-2018-4859 HIGH This Week

A vulnerability has been identified in SCALANCE M875 (All versions). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Siemens Command Injection Scalance M875 Firmware
NVD
CVSS 3.0
7.2
EPSS
3.7%
CVE-2018-1000608 HIGH PATCH This Week

A exposure of sensitive information vulnerability exists in Jenkins z/OS Connector Plugin 1.2.6.1 and earlier in SCLMSCM.java that allows an attacker with local file system access or control of a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Z Os Connector
NVD
CVSS 3.0
7.2
EPSS
1.0%
CVE-2018-1000527 HIGH PATCH This Week

Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Information Disclosure RCE PHP Froxlor
NVD GitHub
CVSS 3.0
7.2
EPSS
2.6%
CVE-2018-1000502 HIGH This Week

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Mybb
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-0610 HIGH This Week

Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Zenphoto
NVD
CVSS 3.0
7.2
EPSS
1.8%
CVE-2018-0606 HIGH This Week

SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pixelpost
NVD
CVSS 3.0
7.2
EPSS
1.1%
CVE-2018-0604 HIGH This Week

Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Pixelpost
NVD
CVSS 3.0
7.2
EPSS
1.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy