Skip to main content
CVE-2018-3877 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3874 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3873 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-17317 CRITICAL POC Act Now

FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Fruitywifi
NVD GitHub
CVSS 3.0
9.8
EPSS
4.3%
CVE-2018-17174 CRITICAL POC Act Now

A stack-based buffer overflow was discovered in the xtimor NMEA library (aka nmealib) 0.5.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Denial Of Service Nmealib
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-17173 CRITICAL POC THREAT Act Now

LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Supersign Cms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
56.2%
CVE-2018-17141 CRITICAL POC Act Now

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Debian Linux Hylafax
NVD
CVSS 3.0
9.8
EPSS
5.6%
CVE-2018-16822 CRITICAL POC Act Now

SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Seacms
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-16281 CRITICAL PATCH Act Now

The DEISER "Profields - Project Custom Fields" app before 6.0.2 for Jira has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Atlassian Information Disclosure Profields Project Custom Fields
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-11241 CRITICAL Act Now

An issue was discovered on SoftCase T-Router build 20112017 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE T Router Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-11240 CRITICAL Act Now

An issue was discovered on SoftCase T-Router build 20112017 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE T Router Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-14643 CRITICAL PATCH Act Now

An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Foreman
NVD GitHub
CVSS 3.0
9.8
EPSS
6.0%
CVE-2018-17298 CRITICAL PATCH Act Now

An issue was discovered in Enalean Tuleap before 10.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tuleap
NVD
CVSS 3.0
9.8
EPSS
1.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy