Skip to main content
CVE-2018-12589 HIGH POC THREAT This Week

Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft RCE Polaris Office 2017
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
20.3%
CVE-2018-12934 HIGH POC This Week

remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Binutils
NVD
CVSS 3.0
7.5
EPSS
3.3%
CVE-2018-12921 HIGH POC This Week

Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gaugetech Nexus Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-12931 HIGH This Week

ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Buffer Overflow Ubuntu Linux +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-12930 HIGH This Week

ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Linux Denial Of Service Buffer Overflow Linux Kernel +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-12927 HIGH This Week

Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Northern Electric Power Inverter Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-12926 HIGH This Week

Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pharos Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-12923 HIGH This Week

BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ha Bridge
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-12922 HIGH This Week

Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Liebert Intellislot Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2018-12920 HIGH This Week

Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brickstream 2300 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy