Skip to main content
CVE-2018-17207 CRITICAL POC THREAT Emergency

An issue was discovered in Snap Creek Duplicator before 1.2.42. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Duplicator
NVD
CVSS 3.1
9.8
EPSS
58.8%
CVE-2018-17228 CRITICAL POC Act Now

nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nmap4J
NVD GitHub
CVSS 3.0
9.8
EPSS
1.6%
CVE-2018-1149 CRITICAL POC THREAT Act Now

cgi_system in NUUO's NVRMini2 3.8.0 and below allows remote attackers to execute arbitrary code via crafted HTTP requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Nvrmini2 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
15.2%
CVE-2018-17208 HIGH POC This Week

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys CSRF Command Injection Velop Firmware
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-16785 HIGH POC This Week

XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Dedecms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-17182 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel through 4.18.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Use After Free Buffer Overflow Linux Kernel +4
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
3.2%
CVE-2018-17231 HIGH POC This Week

Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Telegram Desktop
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-17205 HIGH POC PATCH This Week

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openvswitch Openstack Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-1150 HIGH POC This Week

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nvrmini2 Firmware
NVD
CVSS 3.0
7.3
EPSS
1.9%
CVE-2018-17230 MEDIUM POC This Month

Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-17229 MEDIUM POC This Month

Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-12242 CRITICAL Act Now

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Messaging Gateway
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-16607 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-3831 HIGH PATCH This Week

Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-12243 HIGH This Week

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Messaging Gateway
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-11891 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-3827 HIGH This Week

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Microsoft Information Disclosure Azure Repository
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2018-17183 HIGH This Week

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Ghostscript Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-3573 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11904 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11903 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11902 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11898 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11897 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11895 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11894 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Integer Overflow Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11893 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing vendor scan request, when input argument - length of request IEs is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11889 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, access invalid memory may occur since local variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11886 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Integer Overflow Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11883 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11878 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3828 HIGH This Week

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2018-11761 HIGH PATCH This Week

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Apache Tika Business Process Management Suite
NVD
CVSS 3.0
7.5
EPSS
9.6%
CVE-2018-17144 HIGH PATCH This Week

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bitcoin Core Bitcoin Knots
NVD GitHub
CVSS 3.1
7.5
EPSS
6.7%
CVE-2018-5905 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-3826 MEDIUM This Month

In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-1782 MEDIUM This Month

IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap,. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2018-14792 MEDIUM This Month

WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Plc Editor
NVD
CVSS 3.0
6.3
EPSS
1.3%
CVE-2018-3830 MEDIUM This Month

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana Openshift Container Platform
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2018-3824 MEDIUM PATCH This Month

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elasticsearch X Pack Kibana X Pack Logstash X Pack
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-3825 MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-11762 MEDIUM PATCH This Month

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Path Traversal Tika
NVD
CVSS 3.0
5.9
EPSS
5.4%
CVE-2018-8017 MEDIUM PATCH This Month

In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika
NVD
CVSS 3.0
5.5
EPSS
2.5%
CVE-2018-3574 MEDIUM PATCH This Month

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-3823 MEDIUM This Month

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elasticsearch X Pack Kibana X Pack Logstash X Pack
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-3829 MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Authentication Bypass Elastic Cloud Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2018-17206 MEDIUM PATCH This Month

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Openvswitch Openstack Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.9
EPSS
2.0%
CVE-2018-8889 MEDIUM This Month

A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context. Rated medium severity (CVSS 4.7). No vendor patch available.

Path Traversal Enterprise Mobility Server
NVD
CVSS 3.0
4.7
EPSS
0.5%
CVE-2018-17204 MEDIUM PATCH This Month

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openvswitch Openstack Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy