Skip to main content
CVE-2018-3939 HIGH POC PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption RCE Use After Free Foxit Reader Phantompdf
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2018-3847 HIGH POC This Week

Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Cfitsio
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2018-3924 HIGH POC THREAT This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Foxit Reader Phantompdf
NVD
CVSS 3.0
7.8
EPSS
44.1%
CVE-2018-3923 HIGH POC This Week

A memory corruption vulnerability exists in the PCX-parsing functionality of Computerinsel Photoline 20.54. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Photoline
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-3922 HIGH POC This Week

A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Photoline
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-3921 HIGH POC This Week

A memory corruption vulnerability exists in the PSD-parsing functionality of Computerinsel Photoline 20.54. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Photoline
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-0413 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Identity Services Engine Software
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-1595 HIGH This Week

IBM Spectrum Symphony and Platform Symphony 7.1.2 and 7.2.0.2 could allow an authenticated user to execute arbitrary commands due to improper handling of user supplied input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-3672 HIGH This Week

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Intel Smart Sound Technology
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-3670 HIGH This Week

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Buffer Overflow Intel Smart Sound Technology
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-3666 HIGH This Week

Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Intel RCE Intel Smart Sound Technology
NVD
CVSS 3.0
8.8
EPSS
0.4%
CVE-2018-1999040 HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.10.1 and earlier in KubernetesCloud.java that allows attackers to capture credentials with a known credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-1999028 HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins Accurev Plugin 0.7.16 and earlier in AccurevSCM.java that allows attackers to capture credentials with a known credentials ID. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Accurev
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-11050 HIGH This Week

Dell EMC NetWorker versions between 9.0 and 9.1.1.8 through 9.2.1.3, and the version 18.1.0.1 contain a Clear-Text authentication over network vulnerability in the Rabbit MQ Advanced Message Queuing. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-10897 HIGH PATCH This Week

A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Path Traversal Yum Utils Virtualization Enterprise Linux Desktop Enterprise Linux Server +1
NVD GitHub
CVSS 3.1
8.1
EPSS
5.7%
CVE-2018-3662 HIGH This Week

Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation RCE Saffron Memorybase
NVD
CVSS 3.0
8.0
EPSS
0.7%
CVE-2018-3650 HIGH This Week

Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Python Distribution For Python
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-8034 HIGH PATCH This Week

The host name verification when using TLS with the WebSocket client was missing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Tomcat Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
21.3%
CVE-2018-1999027 HIGH PATCH This Week

An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java CSRF Jenkins Saltstack
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-1999035 HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Inedo Buildmaster
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-1999034 HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Inedo Proget
NVD
CVSS 3.0
7.4
EPSS
0.8%
CVE-2018-1999025 HIGH PATCH This Week

A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Jenkins Information Disclosure Tracetronic Ecu Test
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-12468 HIGH This Week

A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Groupwise
NVD
CVSS 3.0
7.2
EPSS
2.2%
CVE-2018-10896 HIGH PATCH This Week

The default cloud-init configuration, in cloud-init 0.6.2 and newer, included "ssh_deletekeys: 0", disabling cloud-init's deletion of ssh host keys. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Cloud Init
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy