Skip to main content
CVE-2018-0706 HIGH POC THREAT Act Now

Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qnap Q Center
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
48.7%
CVE-2018-0707 HIGH POC THREAT Act Now

Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Qnap Command Injection Q Center
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
59.2%
CVE-2018-14346 HIGH POC PATCH This Week

GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Debian Linux Libextractor
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-14331 HIGH POC This Week

An issue was discovered in XiaoCms X1 v20140305. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Xiaocms X1
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-0710 HIGH POC THREAT This Week

Command injection vulnerability in SSH of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Qnap Command Injection Q Center
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
14.2%
CVE-2018-0709 HIGH POC THREAT This Week

Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Qnap Command Injection Q Center
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.6%
CVE-2018-0708 HIGH POC THREAT This Week

Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Qnap Command Injection Q Center
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
26.3%
CVE-2018-14338 HIGH POC This Week

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Apple Exiv2
NVD GitHub
CVSS 3.0
8.1
EPSS
1.4%
CVE-2018-14333 HIGH POC This Week

TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Teamviewer
NVD GitHub
CVSS 3.0
8.1
EPSS
2.6%
CVE-2018-14337 HIGH POC This Week

The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Mruby Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-14363 HIGH PATCH This Week

An issue was discovered in NeoMutt before 2018-07-16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Debian Linux Neomutt
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-14345 HIGH PATCH This Week

An issue was discovered in SDDM through 0.17.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Sddm
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-13860 HIGH This Week

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C4 Professional Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-13864 HIGH PATCH This Week

A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Path Traversal Play Framework
NVD
CVSS 3.0
7.5
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy