Skip to main content
CVE-2018-3772 CRITICAL POC PATCH Act Now

Concatenating unsanitized user input in the `whereis` npm module < 0.4.1 allowed an attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Whereis
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2018-3773 MEDIUM POC PATCH This Month

There is a stored Cross-Site Scripting vulnerability in Open Graph meta properties read by the `metascrape` npm module <= 3.9.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Node.js Metascraper
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-14744 CRITICAL Act Now

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Pbc
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-10898 HIGH PATCH This Week

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openstack Tripleo Heat Templates
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-10847 HIGH This Week

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Prosody
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-9066 HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user can, under specific circumstances, inject additional parameters into a specific web API call which can result. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Code Injection Xclarity Administrator
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-9064 HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an authenticated LXCA user may abuse a web API debug call to retrieve the credentials for the System Manager user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-9065 HIGH This Week

In Lenovo xClarity Administrator versions earlier than 2.1.0, an attacker that gains access to the underlying LXCA file system user may be able to retrieve a credential store containing the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Lenovo Information Disclosure Xclarity Administrator
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2018-10903 HIGH PATCH This Week

A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Python Python Cryptography Openstack Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-14743 HIGH This Week

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pbc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-14742 HIGH This Week

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pbc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14741 HIGH This Week

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pbc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14740 HIGH This Week

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pbc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14739 HIGH This Week

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pbc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14738 HIGH This Week

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Pbc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14737 HIGH This Week

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Pbc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-14736 HIGH This Week

An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Pbc
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-13280 MEDIUM This Month

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Synology Diskstation Manager
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-10883 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's ext4 filesystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Denial Of Service Buffer Overflow Debian Linux +6
NVD
CVSS 3.0
5.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy