Skip to main content
CVE-2018-15961 CRITICAL POC KEV THREAT Emergency

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Adobe RCE Coldfusion
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2018-14634 HIGH POC KEV PATCH THREAT This Week

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Linux Buffer Overflow Pan Os Big Ip Access Policy Manager +26
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
14.8%
CVE-2018-15965 CRITICAL Act Now

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Deserialization RCE Coldfusion
NVD
CVSS 3.1
9.8
EPSS
25.9%
CVE-2018-15959 CRITICAL Act Now

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Deserialization RCE Coldfusion
NVD
CVSS 3.1
9.8
EPSS
25.9%
CVE-2018-15958 CRITICAL Act Now

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Deserialization RCE Coldfusion
NVD
CVSS 3.1
9.8
EPSS
25.9%
CVE-2018-15957 CRITICAL Act Now

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Deserialization RCE Coldfusion
NVD
CVSS 3.1
9.8
EPSS
28.2%
CVE-2018-12848 CRITICAL Act Now

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe RCE Buffer Overflow Acrobat Dc +1
NVD
CVSS 3.0
9.8
EPSS
34.7%
CVE-2018-6055 HIGH This Week

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-6054 HIGH This Week

Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Denial Of Service Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-6043 HIGH This Week

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-6035 HIGH This Week

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6033 HIGH This Week

Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6031 HIGH This Week

Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Denial Of Service Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-6034 HIGH This Week

Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Debian Linux +3
NVD
CVSS 3.0
8.1
EPSS
1.9%
CVE-2018-1664 HIGH This Week

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Datapower Gateway
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-15967 HIGH This Week

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Information Disclosure Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
7.5
EPSS
7.6%
CVE-2018-15964 HIGH This Week

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Coldfusion
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2018-15960 HIGH This Week

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Coldfusion
NVD
CVSS 3.0
7.5
EPSS
5.5%
CVE-2018-12850 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
33.6%
CVE-2018-12849 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
33.6%
CVE-2018-12840 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
28.8%
CVE-2018-12801 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-12778 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-12775 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-14647 HIGH PATCH This Week

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Ubuntu Linux Debian Linux Fedora +4
NVD
CVSS 3.1
7.5
EPSS
11.3%
CVE-2018-1669 HIGH PATCH This Week

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Datapower Gateway
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1607 HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1588 HIGH This Week

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-14633 HIGH PATCH This Week

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Linux Buffer Overflow Stack Overflow Linux Kernel +7
NVD
CVSS 3.1
7.0
EPSS
8.7%
CVE-2018-1539 MEDIUM This Month

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-6119 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-6050 MEDIUM This Month

Incorrect security UI in Omnibox in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-6049 MEDIUM This Month

Incorrect security UI in permissions prompt in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to spoof the origin to which permission is granted via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-6045 MEDIUM This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-6040 MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6038 MEDIUM This Month

Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-6037 MEDIUM This Month

Inappropriate implementation in autofill in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain autofill data with insufficient user gestures via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6036 MEDIUM This Month

Insufficient data validation in V8 in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6032 MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6046 MEDIUM This Month

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-6039 MEDIUM This Month

Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a crafted Chrome Extension. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-11763 MEDIUM PATCH This Month

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Http Server Ubuntu Linux Enterprise Linux +6
NVD
CVSS 3.0
5.9
EPSS
51.0%
CVE-2018-1659 MEDIUM This Month

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1560 MEDIUM This Month

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-15963 MEDIUM This Month

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Coldfusion
NVD
CVSS 3.1
5.3
EPSS
5.7%
CVE-2018-15962 MEDIUM This Month

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Coldfusion
NVD
CVSS 3.1
5.3
EPSS
5.5%
CVE-2018-6052 MEDIUM This Month

Lack of support for a non standard no-referrer policy value in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to obtain referrer details from a web page that had thought it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-6051 MEDIUM This Month

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-6048 MEDIUM This Month

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-6047 MEDIUM This Month

Insufficient policy enforcement in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user redirect URL via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
4.3
EPSS
1.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy