Skip to main content
CVE-2018-11776 HIGH POC KEV PATCH THREAT Act Now

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then:. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache RCE Struts Active Iq Unified Manager Oncommand Insight +5
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
100.0%
CVE-2018-10858 HIGH This Week

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Debian Linux Ubuntu Linux Samba +5
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2018-10884 HIGH This Week

Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ansible Tower
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-11758 HIGH PATCH This Week

This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Apache Cayenne
NVD
CVSS 3.0
8.1
EPSS
3.0%
CVE-2018-1139 HIGH This Week

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samba Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.1
8.1
EPSS
3.1%
CVE-2018-14787 HIGH This Week

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Intellispace Cardiovascular Xcelera
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-5238 HIGH This Week

Norton Power Eraser (prior to 5.3.0.24) and SymDiag (prior to 2.1.242) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Norton Power Eraser Symdiag
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-14789 MEDIUM This Month

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Intellispace Cardiovascular Xcelera
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2018-10919 MEDIUM PATCH This Month

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ubuntu Linux Debian Linux Samba
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-10918 MEDIUM PATCH This Month

A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Ubuntu Linux Samba
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1140 MEDIUM PATCH This Month

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Samba
NVD
CVSS 3.0
6.5
EPSS
10.8%
CVE-2018-14801 MEDIUM This Month

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Pagewriter Tc70 Firmware Pagewriter Tc50 Firmware Pagewriter Tc30 Firmware Pagewriter Tc20 Firmware +1
NVD
CVSS 3.0
6.2
EPSS
0.4%
CVE-2018-5235 MEDIUM This Month

Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an. Rated medium severity (CVSS 6.0). No vendor patch available.

Information Disclosure Norton Utilities
NVD
CVSS 3.0
6.0
EPSS
0.4%
CVE-2018-10845 MEDIUM PATCH This Month

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 3.1
5.9
EPSS
3.6%
CVE-2018-10844 MEDIUM PATCH This Month

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Gnutls Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 3.1
5.9
EPSS
3.6%
CVE-2018-10846 MEDIUM PATCH This Month

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. Rated medium severity (CVSS 5.6).

Information Disclosure Gnutls Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +3
NVD
CVSS 3.1
5.6
EPSS
0.4%
CVE-2018-1599 MEDIUM PATCH This Month

IBM API Connect 5.0.0.0 through 5.0.8.3 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-14799 LOW Monitor

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. Rated low severity (CVSS 3.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Pagewriter Tc70 Firmware Pagewriter Tc50 Firmware Pagewriter Tc30 Firmware Pagewriter Tc20 Firmware +1
NVD
CVSS 3.0
3.7
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy