Skip to main content
CVE-2018-17208 HIGH POC This Week

Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys CSRF Command Injection Velop Firmware
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-16785 HIGH POC This Week

XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Dedecms
NVD GitHub
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-17182 HIGH POC PATCH This Week

An issue was discovered in the Linux kernel through 4.18.8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Linux Use After Free Buffer Overflow Linux Kernel +4
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
3.2%
CVE-2018-17231 HIGH POC This Week

Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Telegram Desktop
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-17205 HIGH POC PATCH This Week

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openvswitch Openstack Ubuntu Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-1150 HIGH POC This Week

NUUO's NVRMini2 3.8.0 and below contains a backdoor that would allow an unauthenticated remote attacker to take over user accounts if the file /tmp/moses exists. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nvrmini2 Firmware
NVD
CVSS 3.0
7.3
EPSS
1.9%
CVE-2018-3831 HIGH PATCH This Week

Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-12243 HIGH This Week

The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Messaging Gateway
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-11891 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-3827 HIGH This Week

A sensitive data disclosure flaw was found in the Elasticsearch repository-azure (formerly elasticsearch-cloud-azure) plugin. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Microsoft Information Disclosure Azure Repository
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2018-17183 HIGH This Week

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Ghostscript Ubuntu Linux Debian Linux Enterprise Linux Desktop +5
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-3573 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11904 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11903 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11902 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11898 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11897 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11895 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11894 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Integer Overflow Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11893 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing vendor scan request, when input argument - length of request IEs is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11889 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, access invalid memory may occur since local variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11886 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Integer Overflow Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11883 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11878 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3828 HIGH This Week

Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 contain an information exposure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2018-11761 HIGH PATCH This Week

In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Denial Of Service XXE Apache Tika Business Process Management Suite
NVD
CVSS 3.0
7.5
EPSS
9.6%
CVE-2018-17144 HIGH PATCH This Week

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Bitcoin Core Bitcoin Knots
NVD GitHub
CVSS 3.1
7.5
EPSS
6.7%
CVE-2018-5905 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of. Rated high severity (CVSS 7.0). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy