Skip to main content
CVE-2018-2462 HIGH This Week

In certain cases, BEx Web Java Runtime Export Web Service in SAP NetWeaver BI 7.30, 7.31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure SAP Netweaver
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-2461 HIGH This Week

Missing authorization check in SAP HCM Fiori "People Profile" (GBX01 HR version 6.0) for an authenticated user which may result in an escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP People Profile
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-2455 HIGH This Week

SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Enterprise Financial Services
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-2454 HIGH This Week

SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Enterprise Financial Services
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-10893 HIGH PATCH This Week

Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Heap Overflow RCE Buffer Overflow Spice
NVD
CVSS 3.0
8.8
EPSS
2.4%
CVE-2018-1571 HIGH PATCH This Week

IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-2463 HIGH This Week

The Omni Commerce Connect API (OCC) of SAP Hybris Commerce, versions 6.*, is vulnerable to server-side request forgery (SSRF) attacks. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF SAP Hybris
NVD
CVSS 3.0
8.6
EPSS
1.6%
CVE-2018-1127 HIGH PATCH This Week

Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Red Hat Information Disclosure Gluster Storage
NVD GitHub
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-10853 HIGH PATCH This Week

A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Ubuntu Linux Debian Linux Linux Kernel
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-11078 HIGH This Week

Dell EMC VPlex GeoSynchrony, versions prior to 6.1, contains an Insecure File Permissions vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Emc Vplex Geosynchrony
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2018-2465 HIGH This Week

SAP HANA (versions 1.0 and 2.0) Extended Application Services classic model OData parser does not sufficiently validate XML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP Hana
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-2459 HIGH This Week

Users of an SAP Mobile Platform (version 3.0) Offline OData application, which uses Offline OData-supplied delta tokens (which is on by default), occasionally receive some data values of a different. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Mobile Platform
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-2458 HIGH This Week

Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Business One
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-16807 HIGH PATCH This Week

In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Bro
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy