Skip to main content
CVE-2018-15661 HIGH POC This Week

An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Ola Money
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-15481 HIGH This Week

Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wireless Appliance Firmware
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-14795 HIGH This Week

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Deltav
NVD
CVSS 3.0
8.8
EPSS
2.2%
CVE-2018-14793 HIGH This Week

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Deltav
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-10902 HIGH PATCH This Week

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Privilege Escalation Debian Linux Ubuntu Linux +4
NVD VulDB
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-15667 HIGH This Week

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Airmail
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-7166 HIGH This Week

In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node.js Node Js
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2018-12115 HIGH This Week

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()`. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Node.js Node Js Openshift Container Platform
NVD
CVSS 3.0
7.5
EPSS
8.0%
CVE-2018-15598 HIGH PATCH This Week

Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Traefik
NVD GitHub
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-6557 HIGH This Week

The MOTD update script in the base-files package in Ubuntu 18.04 LTS before 10.1ubuntu2.2, and Ubuntu 18.10 before 10.1ubuntu6 incorrectly handled temporary files. Rated high severity (CVSS 7.0). No vendor patch available.

Ubuntu Denial Of Service Base Files Ubuntu Linux
NVD
CVSS 3.1
7.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy