Skip to main content
CVE-2018-15534 CRITICAL POC THREAT Act Now

Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Re Porter 16 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
32.4%
CVE-2018-15661 HIGH POC This Week

An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Ola Money
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-15671 MEDIUM POC This Month

An issue was discovered in the HDF HDF5 1.10.2 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-15607 MEDIUM POC This Month

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
5.2%
CVE-2018-15533 MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Re Porter 16 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-15528 MEDIUM POC This Month

Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Sso Plugin
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-6692 CRITICAL Act Now

Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Wemo Insight Smart Plug Firmware
NVD
CVSS 3.1
10.0
EPSS
3.7%
CVE-2018-15660 MEDIUM POC This Month

An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Olamoney
NVD GitHub
CVSS 3.0
5.9
EPSS
1.2%
CVE-2018-15601 CRITICAL PATCH Act Now

apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Elefantcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-15481 HIGH This Week

Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wireless Appliance Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-14795 HIGH This Week

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Deltav
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-14793 HIGH This Week

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Deltav
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-10902 HIGH PATCH This Week

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Privilege Escalation Debian Linux Ubuntu Linux +4
NVD VulDB
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-15667 HIGH This Week

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Airmail
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-7166 HIGH This Week

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Node Js
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2018-12115 HIGH This Week

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Node.js Node Js Openshift Container Platform
NVD
CVSS 3.0
7.5
EPSS
8.0%
CVE-2018-15598 HIGH PATCH This Week

Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Traefik
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-6557 HIGH This Week

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. Rated high severity (CVSS 7.0). No vendor patch available.

Ubuntu Denial Of Service Base Files Ubuntu Linux
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2018-15603 MEDIUM This Month

An issue was discovered in Victor CMS through 2018-05-10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Victor Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-0501 MEDIUM PATCH This Month

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Ubuntu Linux Advanced Package Tool
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2018-15669 MEDIUM This Month

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Airmail 3
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-15668 MEDIUM This Month

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Airmail 3
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-15599 MEDIUM This Month

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Dropbear Ssh
NVD
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-15670 MEDIUM This Month

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Airmail
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-10932 MEDIUM This Month

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Lldptool
NVD GitHub
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy