Skip to main content
CVE-2018-3937 HIGH POC This Week

An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Snc Eb600 Firmware Snc Eb630 Firmware Snc Eb600B Firmware Snc Eb630B Firmware +10
NVD
CVSS 3.0
7.2
EPSS
9.6%
CVE-2018-14922 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monstra
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-14888 MEDIUM POC PATCH This Month

inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Thank You Like
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.7%
CVE-2018-3938 CRITICAL Act Now

An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Snc Eb600 Firmware Snc Eb630 Firmware +12
NVD
CVSS 3.0
10.0
EPSS
3.3%
CVE-2018-7096 CRITICAL Act Now

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE 3Par Service Provider
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2018-7095 CRITICAL Act Now

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Par Service Provider
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-2445 CRITICAL Act Now

AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application,. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF SAP Businessobjects Business Intelligence
NVD
CVSS 3.0
9.6
EPSS
1.1%
CVE-2018-2442 HIGH This Week

In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF SAP Businessobjects Business Intelligence Internet Graphics Server
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-7097 HIGH This Week

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF 3Par Service Provider
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-2449 HIGH This Week

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft SAP Supplier Relationship Management Mdm Catalog
NVD
CVSS 3.0
8.6
EPSS
1.6%
CVE-2018-7093 HIGH This Week

A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware Integrated Lights Out 5 Firmware Moonshot Chassis Manager Firmware +1
NVD
CVSS 3.0
8.6
EPSS
3.5%
CVE-2018-7098 HIGH This Week

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal 3Par Service Provider
NVD
CVSS 3.0
8.4
EPSS
0.7%
CVE-2018-14348 HIGH PATCH This Week

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Libcgroup Debian Linux Fedora
NVD
CVSS 3.0
8.1
EPSS
2.3%
CVE-2018-12539 HIGH PATCH This Week

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Java Microsoft IBM Information Disclosure Openj9 +1
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-14424 HIGH This Week

The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Gnome Display Manager
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-3615 HIGH This Week

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Intel Core I3 Core I5 Core I7 +27
NVD VulDB
CVSS 3.1
7.3
EPSS
1.7%
CVE-2018-14429 HIGH PATCH This Week

man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Man Cgi
NVD
CVSS 3.0
7.5
EPSS
3.7%
CVE-2018-5392 HIGH This Week

mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Microsoft Information Disclosure Mingw W64
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-2446 HIGH This Week

Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2018-7077 HIGH This Week

A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Xp P9000 Configuration Manager Xp P9000 Device Manager
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-2450 HIGH This Week

SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Information Disclosure SAP Maxdb
NVD
CVSS 3.0
7.2
EPSS
1.7%
CVE-2018-2451 MEDIUM PATCH This Month

XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentional prolonged period of validity. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Information Disclosure SAP Hana Extended Application Services
NVD
CVSS 3.0
6.6
EPSS
1.2%
CVE-2018-2447 MEDIUM This Month

SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Businessobjects Business Intelligence
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-3646 MEDIUM This Month

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user. Rated medium severity (CVSS 5.6). No vendor patch available.

Information Disclosure Core I3 Core I5 Core I7 Core M +4
NVD VulDB
CVSS 3.1
5.6
EPSS
3.9%
CVE-2018-2444 MEDIUM This Month

SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Financial Consolidation
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-3620 MEDIUM This Month

Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user. Rated medium severity (CVSS 5.6). No vendor patch available.

Authentication Bypass Core I3 Core I5 Core I7 Core M +4
NVD VulDB
CVSS 3.1
5.6
EPSS
2.3%
CVE-2018-0131 MEDIUM This Month

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Microsoft Information Disclosure Apple iOS +1
NVD
CVSS 3.0
5.9
EPSS
1.7%
CVE-2018-2441 MEDIUM This Month

Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Sap Kernel
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-7100 MEDIUM This Month

A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

HP Information Disclosure Officeconnect 1810 24G Switch Firmware Officeconnect 1810 48G Switch Firmware Officeconnect 1810 8 V2 Switch Firmware
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-7099 MEDIUM This Month

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 3Par Service Provider
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-7094 MEDIUM This Month

A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 3Par Service Provider
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-12537 MEDIUM PATCH This Month

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Vert X
NVD GitHub
CVSS 3.0
5.3
EPSS
2.5%
CVE-2018-2448 MEDIUM This Month

Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Supplier Relationship Management Mdm Catalog
NVD
CVSS 3.0
5.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy