Skip to main content
CVE-2018-1000669 HIGH POC This Week

KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Request Forgery (CSRF) vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Koha
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14624 HIGH POC This Week

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 389 Directory Server Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +4
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-16604 HIGH POC This Week

An issue was discovered in Nibbleblog v4.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Nibbleblog
NVD GitHub
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-1000659 HIGH PATCH This Week

LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

File Upload RCE Path Traversal Limesurvey
NVD GitHub
CVSS 3.0
8.8
EPSS
3.6%
CVE-2018-1000658 HIGH PATCH This Week

LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE PHP Limesurvey
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-1000773 HIGH This Week

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE
NVD
CVSS 3.0
8.8
EPSS
7.3%
CVE-2018-11263 HIGH PATCH This Week

In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-15865 HIGH This Week

The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Apple Pulse Secure Desktop Client
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-16585 HIGH PATCH This Week

An issue was discovered in Artifex Ghostscript before 9.24. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Red Hat Buffer Overflow Ghostscript Ubuntu Linux Debian Linux
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-14632 HIGH PATCH This Week

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Denial Of Service Buffer Overflow Openshift Container Platform Json Patch
NVD GitHub
CVSS 3.1
7.7
EPSS
2.0%
CVE-2018-5391 HIGH PATCH This Week

The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Enterprise Linux Desktop Enterprise Linux Server +48
NVD
CVSS 3.1
7.5
EPSS
24.6%
CVE-2018-1000660 HIGH PATCH This Week

TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Tock
NVD GitHub
CVSS 3.0
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy