Skip to main content
CVE-2018-14634 HIGH POC KEV PATCH THREAT This Week

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Linux Buffer Overflow Pan Os Big Ip Access Policy Manager +26
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
14.8%
CVE-2018-6055 HIGH This Week

Insufficient policy enforcement in Catalog Service in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-6054 HIGH This Week

Use after free in WebUI in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Denial Of Service Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-6043 HIGH This Week

Insufficient data validation in External Protocol Handler in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially execute arbitrary programs on user machine via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-6035 HIGH This Week

Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6033 HIGH This Week

Insufficient data validation in Downloads in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially run arbitrary code outside sandbox via a crafted Chrome Extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE Chrome Enterprise Linux Desktop Enterprise Linux Server +2
NVD
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-6031 HIGH This Week

Use after free in PDFium in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Denial Of Service Use After Free Chrome +4
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-6034 HIGH This Week

Insufficient data validation in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Chrome Debian Linux +3
NVD
CVSS 3.0
8.1
EPSS
1.9%
CVE-2018-1664 HIGH This Week

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Datapower Gateway
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-15967 HIGH This Week

Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Information Disclosure Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
7.5
EPSS
7.6%
CVE-2018-15964 HIGH This Week

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Coldfusion
NVD
CVSS 3.1
7.5
EPSS
7.9%
CVE-2018-15960 HIGH This Week

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Coldfusion
NVD
CVSS 3.0
7.5
EPSS
5.5%
CVE-2018-12850 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
33.6%
CVE-2018-12849 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
33.6%
CVE-2018-12840 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
28.8%
CVE-2018-12801 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-12778 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-12775 HIGH This Week

Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-14647 HIGH PATCH This Week

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Python Ubuntu Linux Debian Linux Fedora +4
NVD
CVSS 3.1
7.5
EPSS
11.3%
CVE-2018-1669 HIGH PATCH This Week

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Datapower Gateway
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1607 HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1588 HIGH This Week

IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-14633 HIGH PATCH This Week

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Linux Buffer Overflow Stack Overflow Linux Kernel +7
NVD
CVSS 3.1
7.0
EPSS
8.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy