Skip to main content
CVE-2018-3785 CRITICAL POC Act Now

A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Git Dummy Commit
NVD
CVSS 3.1
9.8
EPSS
4.0%
CVE-2018-3784 CRITICAL POC Act Now

A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Deserialization Cryo
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2018-3783 CRITICAL POC PATCH Act Now

A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Privilege Escalation Flintcms
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-14057 HIGH POC PATCH This Week

Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users /. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pimcore
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-5546 HIGH POC This Week

The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Big Ip Access Policy Manager Client Big Ip Access Policy Manager
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-14058 MEDIUM POC PATCH THREAT This Month

Pimcore before 5.3.0 allows SQL Injection via the REST web service API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pimcore
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
28.9%
CVE-2018-15482 CRITICAL Act Now

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.7%
CVE-2018-14982 CRITICAL Act Now

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2018-14981 CRITICAL Act Now

Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2018-15353 CRITICAL Act Now

A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow 24F2Xg Router Firmware
NVD
CVSS 3.0
9.8
EPSS
7.7%
CVE-2018-15350 CRITICAL Act Now

Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 24F2Xg Router Firmware
NVD
CVSS 3.0
9.8
EPSS
4.7%
CVE-2018-15473 MEDIUM POC PATCH THREAT This Month

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Race Condition Information Disclosure SSH Openssh Debian Linux +20
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
98.6%
CVE-2018-15359 HIGH This Week

An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Esp 200 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-15358 HIGH This Week

An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Esp 200 Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-15356 HIGH This Week

An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Esp 200 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-10873 HIGH PATCH This Week

A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Spice Debian Linux Ubuntu Linux Virtualization +7
NVD
CVSS 3.0
8.8
EPSS
3.9%
CVE-2018-15471 HIGH This Week

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Denial Of Service Information Disclosure Linux +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-5547 HIGH This Week

Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Big Ip Access Policy Manager Client
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-15354 HIGH This Week

A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow 24F2Xg Router Firmware
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-15360 HIGH This Week

An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Esp 200 Firmware
NVD
CVSS 3.0
7.3
EPSS
1.6%
CVE-2018-6622 HIGH This Week

An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trusted Platform Module
NVD
CVSS 3.0
7.1
EPSS
0.5%
CVE-2018-15470 MEDIUM This Month

An issue was discovered in Xen through 4.11.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-15469 MEDIUM PATCH This Month

An issue was discovered in Xen through 4.11.x. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Xen Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-15357 MEDIUM This Month

An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Esp 200 Firmware
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-15352 MEDIUM This Month

An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service 24F2Xg Router Firmware
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-15351 MEDIUM This Month

Denial of service via crafting malicious link and sending it to a privileged user can cause Denial of Service in Kraftway 24F2XG Router firmware version 3.5.30.1118. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 24F2Xg Router Firmware
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-15468 MEDIUM This Month

An issue was discovered in Xen through 4.11.x. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Intel Xen
NVD
CVSS 3.0
6.0
EPSS
0.3%
CVE-2018-15355 MEDIUM This Month

Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure 24F2Xg Router Firmware
NVD
CVSS 3.0
5.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy