Skip to main content
CVE-2018-13875 HIGH POC This Week

An issue was discovered in the HDF HDF5 1.8.20 library. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Hdf5
NVD GitHub
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-13833 HIGH POC This Week

An issue was discovered in cmft through 2017-09-24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Cmft
NVD GitHub
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-13863 HIGH POC PATCH This Week

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Js Bson
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-13843 HIGH POC This Week

An issue has been found in HTSlib 1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Htslib
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-12230 HIGH POC This Week

An wrong logical check identified in the transferFrom function of a smart contract implementation for RemiCoin (RMC), an Ethereum ERC20 token, allows the attacker to steal tokens or conduct resultant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Remicoin
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-3628 HIGH This Week

Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel RCE Buffer Overflow Active Management Technology Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2018-2436 HIGH This Week

Executing transaction WRCK in SAP R/3 Enterprise Retail (EHP6) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP R 3 Enterprise Retail
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-2427 HIGH PATCH This Week

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, and SAP Crystal Reports (version for Visual Studio .NET, Version 2010) allows an attacker to inject code that can be executed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE SAP Businessobjects Business Intelligence Crystal Reports
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-1331 HIGH PATCH This Week

In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache RCE Storm
NVD
CVSS 3.0
8.8
EPSS
4.5%
CVE-2018-3682 HIGH This Week

BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Bmc Firmware
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2018-3627 HIGH This Week

Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Converged Security Management Engine Firmware Element Software Management Node
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2018-10887 HIGH PATCH This Week

A flaw was found in libgit2 before version 0.27.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
2.1%
CVE-2018-10861 HIGH PATCH This Week

A flaw was found in the way ceph mon handles user requests. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Ceph Ceph Storage Ceph Storage Mon Ceph Storage Osd +5
NVD GitHub
CVSS 3.0
8.1
EPSS
3.2%
CVE-2018-3688 HIGH This Week

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Quartus Prime Programmer And Tools
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3687 HIGH This Week

Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Quartus Ii Programmer And Tools
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3684 HIGH This Week

Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Quartus Ii
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3683 HIGH This Week

Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Quartus Prime
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3668 HIGH This Week

Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Processor Diagnostic Tool
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-3667 HIGH This Week

Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation RCE Processor Diagnostic Tool
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1566 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM RCE Db2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-1487 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Information Disclosure Db2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-1458 HIGH This Week

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft IBM RCE Db2
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-3652 HIGH This Week

Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Xeon E3 Xeon E3 1220 V5 Xeon E3 1220 V6 +31
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2018-2438 HIGH This Week

The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has several denial-of-service vulnerabilities that allow an attacker to prevent legitimate users from accessing a service,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Internet Graphics Server
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-2433 HIGH This Week

SAP Gateway (SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.53) allows an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Sap Kernel
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-13848 HIGH This Week

An issue has been found in Bento4 1.5.1-624. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-13847 HIGH This Week

An issue has been found in Bento4 1.5.1-624. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Bento4
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-13844 HIGH This Week

An issue has been found in HTSlib 1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Htslib
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-12461 HIGH This Week

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edirectory
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2018-10943 HIGH PATCH This Week

An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Clickshare Cse 200 Firmware Clickshare Cs 100 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1128 HIGH PATCH This Week

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure Ceph Storage Ceph Storage Mon Ceph Storage Osd Enterprise Linux +6
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-10891 HIGH PATCH This Week

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle
NVD
CVSS 3.1
7.3
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy