Skip to main content
CVE-2018-17215 HIGH POC This Week

An information-disclosure issue was discovered in Postman through 6.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Postman
NVD
CVSS 3.0
8.1
EPSS
0.6%
CVE-2018-16364 HIGH POC THREAT This Week

A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Zoho Microsoft Deserialization RCE Manageengine Applications Manager
NVD
CVSS 3.1
8.1
EPSS
15.1%
CVE-2018-14327 HIGH POC This Week

The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ee40Vb Firmware
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
4.4%
CVE-2018-17365 HIGH POC This Week

SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Seacms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2018-17555 HIGH POC This Week

The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Arris Tg2492Lg Na Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-16711 HIGH This Week

IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402088) with a buffer containing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Advanced Systemcare
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-16055 HIGH This Week

An authenticated command injection vulnerability exists in status_interfaces.php via dhcp_relinquish_lease() in pfSense before 2.4.4 due to its passing user input from the $_POST parameters "ifdescr". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Command Injection Pfsense
NVD
CVSS 3.0
8.8
EPSS
11.2%
CVE-2018-8852 HIGH This Week

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure E Alert Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-8844 HIGH This Week

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF E Alert Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-8842 HIGH This Week

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Alert Firmware
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-10606 HIGH This Week

WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Levistudiou
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2018-10602 HIGH This Week

WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Levistudiou
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2018-16588 HIGH This Week

Privilege escalation can occur in the SUSE useradd.c code in useradd, as distributed in the SUSE shadow package through 4.2.1-27.9.1 for SUSE Linux Enterprise 12 (SLE-12) and through 4.5-5.39 for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Shadow
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1768 HIGH PATCH This Week

IBM Spectrum Protect Plus 10.1.0 and 10.1.1 could disclose sensitive information when an authorized user executes a test operation, the user id an password may be displayed in plain text within an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Plus
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-16152 HIGH This Week

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Strongswan Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-16151 HIGH This Week

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Strongswan Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-15836 HIGH PATCH This Week

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Jwt Attack Information Disclosure Openswan
NVD GitHub
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-8854 HIGH This Week

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service E Alert Firmware
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-8848 HIGH This Week

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation E Alert Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-1785 HIGH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Client Spectrum Protect For Virtual Environments
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2018-1683 HIGH This Week

IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-1545 HIGH This Week

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Protect Client Spectrum Protect For Virtual Environments
NVD
CVSS 3.1
7.5
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy