Skip to main content
CVE-2018-10900 HIGH POC PATCH Act Now

Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Command Injection Network Manager Vpnc Debian Linux
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
5.1%
CVE-2018-10879 HIGH POC PATCH This Week

A flaw was found in the Linux kernel's ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Use After Free Ubuntu Linux +6
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-10878 HIGH POC PATCH This Week

A flaw was found in the Linux kernel's ext4 filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Buffer Overflow Ubuntu Linux +5
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2018-14608 HIGH POC This Week

Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Ultratax Cs
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-14607 HIGH POC This Week

Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ultratax Cs 2017
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-10881 MEDIUM POC PATCH This Month

A flaw was found in the Linux kernel's ext4 filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Denial Of Service Buffer Overflow Ubuntu Linux +7
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-10876 MEDIUM POC PATCH This Month

A flaw was found in Linux kernel in the ext4 filesystem code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Information Disclosure Use After Free Linux Kernel +2
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-0613 HIGH This Week

NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S) 2.37210411 and earlier, CSDJ-B 01.03.00 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Calsos Csdx Firmware Calsos Csdx P Firmware Calsos Csdx S Firmware Calsos Csdx D Firmware +4
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-0607 HIGH This Week

SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Garoon
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-10901 HIGH PATCH This Week

A flaw was found in Linux kernel's KVM virtualization subsystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-0621 HIGH This Week

Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOFTWARE versions before 2.30.9 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connection Utility Software
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-0620 HIGH This Week

Untrusted search path vulnerability in LOGICOOL Game Software versions before 8.87.116 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Game Software
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-0619 HIGH This Week

Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Glary Utilities
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-9068 HIGH This Week

The IMM2 First Failure Data Capture function collects management module logs and diagnostic information when a hardware error is detected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass IBM Flex System X240 M4 Firmware Flex System X240 M5 Firmware +35
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-0617 HIGH This Week

Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.2200 allows remote attackers to read arbitrary files via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Memocgi
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-0622 HIGH This Week

The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Dhc Online Shop
NVD
CVSS 3.0
7.4
EPSS
0.6%
CVE-2018-0614 MEDIUM This Month

Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 and earlier, CSDX(P) 4.37210411 and earlier, CSDX(D) 3.37210411 and earlier, CSDX(S). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Calsos Csdx Firmware Calsos Csdx P Firmware Calsos Csdx S Firmware Calsos Csdx D Firmware +4
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0618 MEDIUM This Month

Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mailman Debian Linux
NVD
CVSS 3.0
5.4
EPSS
2.0%
CVE-2018-1288 MEDIUM PATCH This Month

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Kafka Jboss Middleware Text Only Advisories Database +2
NVD
CVSS 3.1
5.4
EPSS
4.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy