Skip to main content
CVE-2018-10618 CRITICAL POC THREAT Act Now

Davolink DVW-3200N all version prior to Version 1.00.06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dvw 3200N Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
10.1%
CVE-2018-3881 CRITICAL POC Act Now

An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Focalscope
NVD
CVSS 3.1
9.4
EPSS
1.2%
CVE-2018-3939 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Foxit Reader Phantompdf
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2018-3847 HIGH POC This Week

Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Cfitsio
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2018-3924 HIGH POC THREAT This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Foxit Reader Phantompdf
NVD
CVSS 3.0
7.8
EPSS
44.1%
CVE-2018-3923 HIGH POC This Week

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Photoline
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-3922 HIGH POC This Week

A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Photoline
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-3921 HIGH POC This Week

A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Photoline
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-10916 MEDIUM POC PATCH This Month

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lftp Ubuntu Linux Leap
NVD GitHub
CVSS 3.0
6.5
EPSS
4.8%
CVE-2018-14777 MEDIUM POC This Month

An issue was discovered in DataLife Engine (DLE) through 13.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Datalife Engine
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-0413 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Identity Services Engine Software
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-1595 HIGH This Week

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-3672 HIGH This Week

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Intel Smart Sound Technology
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-3670 HIGH This Week

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Buffer Overflow Intel Smart Sound Technology
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-3666 HIGH This Week

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Intel Smart Sound Technology
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-1999040 HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-1999028 HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Accurev
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-11050 HIGH This Week

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-10897 HIGH PATCH This Week

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Yum Utils Virtualization Enterprise Linux Desktop Enterprise Linux Server +1
NVD GitHub
CVSS 3.1
8.1
EPSS
5.7%
CVE-2018-3662 HIGH This Week

Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation RCE Saffron Memorybase
NVD
CVSS 3.0
8.0
EPSS
0.7%
CVE-2018-3650 HIGH This Week

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Python Distribution For Python
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-8034 HIGH PATCH This Week

The host name verification when using TLS with the WebSocket client was missing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Tomcat Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
21.3%
CVE-2018-1999027 HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java CSRF Jenkins Saltstack
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-1999035 HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Inedo Buildmaster
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-1999034 HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Inedo Proget
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2018-1999025 HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Tracetronic Ecu Test
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-12468 HIGH This Week

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Groupwise
NVD
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-10896 HIGH PATCH This Week

The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Cloud Init
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2018-10624 MEDIUM This Month

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bcpro Metasys System
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-0391 MEDIUM This Month

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-12467 MEDIUM This Month

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-12466 MEDIUM This Month

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-1999036 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Ssh Agent
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-1999033 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Container Image Scanner
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2018-1999032 MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins Pangolin Connector For Testrail
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1999031 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Meliora Testlab
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1999026 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Tracetronic Ecu Test
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-0411 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0406 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Web Security Appliance
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0397 MEDIUM PATCH This Month

A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Cisco Denial Of Service Apple Advanced Malware Protection For Endpoints
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2018-3671 MEDIUM This Month

Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Saffron Memorybase
NVD
CVSS 3.0
5.7
EPSS
0.4%
CVE-2018-3663 MEDIUM This Month

Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Saffron Memorybase
NVD
CVSS 3.0
5.7
EPSS
0.4%
CVE-2018-1999041 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Tinfoil Security
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-14775 MEDIUM PATCH This Month

tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Openbsd
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-0408 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Sf300 08 Firmware Sf302 08 Firmware Sf302 08P Firmware +25
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-0407 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Sf300 08 Firmware Sf302 08 Firmware Sf302 08P Firmware +25
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10894 MEDIUM PATCH This Month

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Keycloak Single Sign On
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2018-1999030 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Maven Artifact Choicelistprovider Nexus
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1999029 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Shelve Project
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14776 MEDIUM This Month

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Passwordstate
NVD
CVSS 3.0
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy