Skip to main content
CVE-2018-3907 CRITICAL POC Act Now

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.4%
CVE-2018-11653 CRITICAL POC Act Now

Information disclosure in Netwave IP camera at //etc/RT2870STA.dat (via HTTP on port 8000) allows an unauthenticated attacker to exfiltrate sensitive information about the network configuration like. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ip Camera Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2018-3786 CRITICAL POC PATCH THREAT Act Now

A command injection vulnerability in egg-scripts <v2.8.1 allows arbitrary shell command execution through a maliciously crafted command line argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Egg Scripts
NVD GitHub
CVSS 3.1
9.8
EPSS
12.3%
CVE-2018-1722 CRITICAL Act Now

IBM Security Access Manager Appliance 9.0.4.0 and 9.0.5.0 could allow remote code execution when Advanced Access Control or Federation services are running. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Security Access Manager
NVD
CVSS 3.0
10.0
EPSS
9.0%
CVE-2018-14600 CRITICAL PATCH Act Now

An issue was discovered in libX11 through 1.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Libx11 Ubuntu Linux +1
NVD
CVSS 3.0
9.8
EPSS
9.3%
CVE-2018-14599 CRITICAL PATCH Act Now

An issue was discovered in libX11 through 1.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libx11 Ubuntu Linux Debian Linux Fedora +3
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2018-11749 CRITICAL Act Now

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2018-11061 CRITICAL Act Now

RSA NetWitness Platform versions prior to 11.1.0.2 and RSA Security Analytics versions prior to 10.6.6 are vulnerable to a server-side template injection vulnerability due to insecure configuration. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Rsa Netwitness Rsa Security Analytics
NVD
CVSS 3.0
9.1
EPSS
5.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy