Skip to main content
CVE-2018-12571 CRITICAL POC THREAT Act Now

uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft SSRF Forefront Unified Access Gateway
NVD
CVSS 3.0
9.8
EPSS
30.3%
CVE-2018-12113 CRITICAL POC Act Now

Core FTP LE version 2.2 Build 1921 is prone to a buffer overflow vulnerability that may result in a DoS or remote code execution via a PASV response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Core Ftp
NVD GitHub
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-3767 CRITICAL POC Act Now

`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Memjs
NVD
CVSS 3.0
9.1
EPSS
1.5%
CVE-2018-13052 CRITICAL Act Now

In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Privilege Manager
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-12976 CRITICAL PATCH Act Now

In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted <go-import> tags in packages being fetched by gddo to cause a directory traversal and remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Go Doc Dot Org
NVD GitHub
CVSS 3.0
9.8
EPSS
4.5%
CVE-2018-12910 CRITICAL PATCH Act Now

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libsoup Ubuntu Linux Debian Linux +6
NVD
CVSS 3.0
9.8
EPSS
4.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy