Skip to main content
CVE-2018-10197 CRITICAL POC Act Now

There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Access Manager
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-0500 CRITICAL POC PATCH Act Now

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Curl Ubuntu Linux
NVD GitHub
CVSS 3.0
9.8
EPSS
6.4%
CVE-2018-0042 CRITICAL Act Now

Juniper Networks CSO versions prior to 4.0.0 may log passwords in log files leading to an information disclosure vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-0041 CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-0040 CRITICAL Act Now

Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 use hardcoded cryptographic certificates and keys in some cases, which may allow network based attackers to gain unauthorized. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-0039 CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 4.0.0 have Grafana service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.0%
CVE-2018-0038 CRITICAL Act Now

Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 have Cassandra service enabled by default with hardcoded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Contrail Service Orchestration
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-0037 CRITICAL Act Now

Junos OS routing protocol daemon (RPD) process may crash and restart or may lead to remote code execution while processing specific BGP NOTIFICATION messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Juniper Junos
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-0035 CRITICAL Act Now

QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1X53-D21, 15.1X53-D30, 15.1X53-D31, 15.1X53-D32, 15.1X53-D33 and 15.1X53-D60 or have been upgraded to these releases using the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2018-10635 CRITICAL Act Now

In Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100, ports 30001/TCP to 30003/TCP listen for arbitrary URScript code and execute the code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cb3 1 Firmware
NVD
CVSS 3.0
9.8
EPSS
5.1%
CVE-2018-10633 CRITICAL Act Now

Universal Robots Robot Controllers Version CB 3.1, SW Version 3.4.5-100 utilizes hard-coded credentials that may allow an attacker to reset passwords for the controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cb3 1 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-8327 CRITICAL PATCH Act Now

A remote code execution vulnerability exists in PowerShell Editor Services, aka "PowerShell Editor Services Remote Code Execution Vulnerability." This affects PowerShell Editor, PowerShell Extension. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Powershell Powershell Editor Services
NVD
CVSS 3.1
9.8
EPSS
21.2%
CVE-2018-8319 CRITICAL PATCH Act Now

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Research Javascript Cryptography Library
NVD
CVSS 3.0
9.8
EPSS
7.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy