Skip to main content
CVE-2018-1156 HIGH POC This Week

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Memory Corruption RCE Buffer Overflow Routeros
NVD
CVSS 3.0
8.8
EPSS
7.4%
CVE-2018-3879 HIGH POC This Week

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-15748 HIGH POC This Week

On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Dell Information Disclosure Brute Force 2335Dn Engine Firmware 2335Dn Network Firmware +1
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-3911 HIGH POC This Week

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2018-15685 HIGH POC PATCH THREAT This Week

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Electron
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
10.4%
CVE-2018-3912 HIGH POC This Week

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-3833 HIGH POC This Week

An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hub 2245 222 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2018-15804 HIGH This Week

An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mapr
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-8028 HIGH PATCH This Week

An authenticated user can execute ALTER TABLE EXCHANGE PARTITIONS without being authorized by Apache Sentry before 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Apache Sentry
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-15807 HIGH This Week

POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Evo
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-14797 HIGH This Week

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 allow a specially crafted DLL file to be placed in the search path and loaded as an internal and valid DLL, which may allow arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Deltav
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2018-14791 HIGH This Week

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deltav
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-15822 HIGH PATCH This Week

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ffmpeg Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.3%
CVE-2018-1999043 HIGH PATCH This Week

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy