Skip to main content
CVE-2018-11510 CRITICAL POC THREAT Act Now

The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Adm
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
44.8%
CVE-2018-8016 CRITICAL PATCH Act Now

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Atlassian Apache Cassandra
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-12933 CRITICAL PATCH Act Now

PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service Buffer Overflow Wine
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-12932 CRITICAL PATCH Act Now

PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Wine
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-12925 CRITICAL Act Now

Baseon Lantronix MSS devices do not require a password for TELNET access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Mss Firmware
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-12924 CRITICAL Act Now

Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cie H10 Firmware Cie H12 Firmware Cie H14 Firmware Cse M53N Firmware +4
NVD
CVSS 3.0
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy