Skip to main content
CVE-2018-13876 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-13874 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-13873 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-13872 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-13871 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-13870 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-13869 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-13868 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-13867 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-13866 CRITICAL POC Act Now

An issue was discovered in the HDF HDF5 1.8.20 library. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-13850 CRITICAL POC Act Now

The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Apple Firebase Push Notification On Ios Fcm Advance Admin Panel
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-13818 CRITICAL POC PATCH Act Now

Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection RCE Twig
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
7.0%
CVE-2018-13797 CRITICAL POC PATCH Act Now

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Command Injection Node Macaddress
NVD GitHub
CVSS 3.0
9.8
EPSS
6.7%
CVE-2018-13875 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-13833 HIGH POC This Week

An issue was discovered in cmft through 2017-09-24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Cmft
NVD GitHub
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-13863 HIGH POC PATCH This Week

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Js Bson
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-13843 HIGH POC This Week

An issue has been found in HTSlib 1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Htslib
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-12230 HIGH POC This Week

An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Remicoin
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-13865 MEDIUM POC This Month

An issue was discovered in idreamsoft iCMS 7.0.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Icms
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-13849 MEDIUM POC This Month

edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Instagram Clone
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-13846 CRITICAL Act Now

An issue has been found in Bento4 1.5.1-624. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-13845 CRITICAL Act Now

An issue has been found in HTSlib 1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Htslib
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-5553 CRITICAL Act Now

The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Dge 100 Firmware Dm Dge 200 C Firmware Ts 1542 C Firmware
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-9853 CRITICAL Act Now

Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Freesshd
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-1337 CRITICAL PATCH Act Now

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Directory Ldap Api
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2018-2437 CRITICAL Act Now

The SAP Internet Graphics Service (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to externally trigger IGS command executions which can lead to: disclosure of information and malicious. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Internet Graphics Server
NVD
CVSS 3.0
9.1
EPSS
3.3%
CVE-2018-3628 HIGH This Week

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel RCE Buffer Overflow Active Management Technology Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2018-2436 HIGH This Week

Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP R 3 Enterprise Retail
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-2427 HIGH PATCH This Week

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE SAP Businessobjects Business Intelligence Crystal Reports
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1331 HIGH PATCH This Week

In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache RCE Storm
NVD
CVSS 3.0
8.8
EPSS
4.5%
CVE-2018-3682 HIGH This Week

BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Bmc Firmware
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2018-3627 HIGH This Week

Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Converged Security Management Engine Firmware Element Software Management Node
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2018-10887 HIGH PATCH This Week

A flaw was found in libgit2 before version 0.27.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
2.1%
CVE-2018-10861 HIGH PATCH This Week

A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ceph Ceph Storage Ceph Storage Mon Ceph Storage Osd +5
NVD GitHub
CVSS 3.0
8.1
EPSS
3.2%
CVE-2018-3688 HIGH This Week

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Quartus Prime Programmer And Tools
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3687 HIGH This Week

Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Quartus Ii Programmer And Tools
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3684 HIGH This Week

Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Quartus Ii
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3683 HIGH This Week

Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Quartus Prime
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3668 HIGH This Week

Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Processor Diagnostic Tool
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3667 HIGH This Week

Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation RCE Processor Diagnostic Tool
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1566 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM RCE Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1487 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1458 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM RCE Db2
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-3652 HIGH This Week

Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Xeon E3 Xeon E3 1220 V5 Xeon E3 1220 V6 +31
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2018-2438 HIGH This Week

The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Internet Graphics Server
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-2433 HIGH This Week

SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Sap Kernel
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-13848 HIGH This Week

An issue has been found in Bento4 1.5.1-624. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-13847 HIGH This Week

An issue has been found in Bento4 1.5.1-624. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-13844 HIGH This Week

An issue has been found in HTSlib 1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Htslib
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-12461 HIGH This Week

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edirectory
NVD
CVSS 3.0
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy