Skip to main content
CVE-2018-3897 HIGH POC This Week

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2018-3896 HIGH POC This Week

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2018-16608 HIGH POC This Week

In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via an admin/index.php?id=users&action=edit&user_id=1, Insecure Direct Object Reference (IDOR). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Monstra
NVD GitHub
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-16782 HIGH POC This Week

libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imageworsener
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-16770 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16769 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16768 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16767 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16766 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16765 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16764 HIGH POC This Week

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Webassembly Virtual Machine
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-16797 HIGH POC This Week

A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Potplayer
NVD
CVSS 3.0
7.8
EPSS
2.7%
CVE-2018-16774 HIGH POC This Week

HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/language/ajax?action=delete. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Hongcms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-15886 HIGH POC This Week

Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google Code Injection RCE PHP Monstra
NVD GitHub
CVSS 3.0
7.2
EPSS
1.6%
CVE-2018-16790 HIGH PATCH This Week

_bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libbson
NVD GitHub
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-16802 HIGH This Week

An issue was discovered in Artifex Ghostscript before 9.25. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ghostscript Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
2.2%
CVE-2018-12608 HIGH PATCH This Week

An issue was discovered in Docker Moby before 17.06.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Docker Moby
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2018-11775 HIGH PATCH This Week

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Java Apache Information Disclosure Activemq Enterprise Repository +1
NVD
CVSS 3.0
7.4
EPSS
7.0%
CVE-2018-14625 HIGH PATCH This Week

A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Information Disclosure Use After Free Linux Kernel +2
NVD
CVSS 3.0
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy