Skip to main content
CVE-2018-7785 CRITICAL Act Now

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a remote command injection allows authentication bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Command Injection U Motion Builder
NVD
CVSS 3.0
9.8
EPSS
3.1%
CVE-2018-7784 CRITICAL Act Now

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this exploit occurs when the submitted data of an input string is evaluated as a command by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-7780 CRITICAL Act Now

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, a buffer overflow vulnerability exist in cgi program "set". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Buffer Overflow Imps110 1 Firmware Imps110 1E Firmware Imps110 1Er Firmware +17
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-7778 CRITICAL Act Now

In Schneider Electric Evlink Charging Station versions prior to v3.2.0-12_v1, the Web Interface has an issue that may allow a remote attacker to gain administrative privileges without properly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Evlink Charging Station Firmware
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-4853 CRITICAL Act Now

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-4852 CRITICAL Act Now

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-11746 CRITICAL Act Now

In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Discovery
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-13101 CRITICAL Act Now

KioskSimpleService.exe in RedSwimmer KioskSimple 1.4.7.0 suffers from a privilege escalation vulnerability in the WCF endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Kiosksimple
NVD GitHub
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-11316 CRITICAL Act Now

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sonos Firmware
NVD
CVSS 3.0
9.6
EPSS
1.3%
CVE-2018-11314 CRITICAL Act Now

The External Control API in Roku and Roku TV products allow unauthorized access via a DNS Rebind attack. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Roku Firmware
NVD
CVSS 3.0
9.6
EPSS
1.7%
CVE-2018-13121 MEDIUM POC This Month

RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Realone Player
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-13099 MEDIUM POC PATCH This Month

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Linux Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2018-13094 MEDIUM POC PATCH This Month

An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
2.2%
CVE-2018-13106 MEDIUM POC This Month

ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clippercms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-7782 HIGH This Week

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, authenticated users can view passwords in clear text. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure Imps110 1 Firmware Imps110 1E Firmware Imps110 1Er Firmware +17
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-7781 HIGH This Week

In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Privilege Escalation Imps110 1 Firmware Imps110 1E Firmware Imps110 1Er Firmware +17
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-7777 HIGH POC THREAT This Week

The vulnerability is due to insufficient handling of update_file request parameter on update_module.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP U Motion Builder
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
31.8%
CVE-2018-7774 HIGH This Week

The vulnerability exists within processing of localize.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7773 HIGH This Week

The vulnerability exists within processing of nfcserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7772 HIGH This Week

The vulnerability exists within processing of applets which are exposed on the web service in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7769 HIGH This Week

The vulnerability exists within processing of xmlserver.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7768 HIGH This Week

The vulnerability exists within processing of loadtemplate.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7767 HIGH This Week

The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-7766 HIGH This Week

The vulnerability exists within processing of track_getdata.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Schneider Electric PHP U Motion Builder
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-4854 HIGH This Week

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-10856 HIGH PATCH This Week

It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Libpod
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-4851 HIGH This Week

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
8.2
EPSS
1.5%
CVE-2018-1080 HIGH PATCH This Week

Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Java Authentication Bypass Dogtagpki
NVD
CVSS 3.0
8.1
EPSS
1.5%
CVE-2018-7771 HIGH This Week

The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
8.0
EPSS
1.4%
CVE-2018-13102 HIGH This Week

AnyDesk before "12.06.2018 - 4.1.3" on Windows 7 SP1 has a DLL preloading vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Anydesk
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-13113 HIGH This Week

The transfer and transferFrom functions of a smart contract implementation for Easy Trading Token (ETT), an Ethereum token, have an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Easy Trading Token
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-11051 HIGH This Week

RSA Certificate Manager Versions 6.9 build 560 through 6.9 build 564 contain a path traversal vulnerability in the RSA CMP Enroll Server and the RSA REST Enroll Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Rsa Certificate Manager
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-7783 HIGH This Week

Schneider Electric SoMachine Basic prior to v1.6 SP1 suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and retrieval of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XXE Somachine Basic
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-7779 HIGH This Week

In Schneider Electric Wiser for KNX V2.1.0 and prior, homeLYnk V2.0.1 and prior; and spaceLYnk V2.1.0 and prior, weak and unprotected FTP access could allow an attacker unauthorized access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Authentication Bypass Homelynk Firmware Spacelynk Firmware Wiser For Knx Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-10596 HIGH This Week

Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure 2090 Carelink Programmer Firmware
NVD
CVSS 3.1
7.1
EPSS
1.3%
CVE-2018-13122 MEDIUM This Month

onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Onefilecms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2018-8036 MEDIUM PATCH This Month

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Pdfbox
NVD
CVSS 3.0
6.5
EPSS
4.8%
CVE-2018-7770 MEDIUM This Month

The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-4855 MEDIUM This Month

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-8870 MEDIUM This Month

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass 24950 Mycarelink Monitor Firmware 24952 Mycarelink Monitor Firmware
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2018-8868 MEDIUM This Month

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the. Rated medium severity (CVSS 6.2). No vendor patch available.

RCE 24950 Mycarelink Monitor Firmware 24952 Mycarelink Monitor Firmware
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2018-7636 MEDIUM This Month

The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-7786 MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS U Motion Builder
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-10855 MEDIUM PATCH This Month

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ansible Engine Cloudforms Openstack Virtualization +2
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2018-9334 MEDIUM This Month

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-9242 MEDIUM This Month

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-13100 MEDIUM This Month

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.0
5.5
EPSS
2.4%
CVE-2018-13098 MEDIUM This Month

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-13097 MEDIUM This Month

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-13096 MEDIUM PATCH This Month

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Linux Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
2.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy