Skip to main content
CVE-2018-17776 HIGH POC This Week

PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antivirus
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.4%
CVE-2018-17055 HIGH POC This Week

An arbitrary file upload vulnerability in Progress Sitefinity CMS versions 4.0 through 11.0 related to image uploads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sitefinity
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-17582 HIGH POC This Week

Tcpreplay v4.3.0 beta1 contains a heap-based buffer over-read. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
7.1
EPSS
1.2%
CVE-2018-17580 HIGH POC This Week

A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpreplay
NVD GitHub
CVSS 3.0
7.1
EPSS
1.2%
CVE-2018-9082 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Session Fixation Information Disclosure Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware +18
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-9078 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-9077 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-9076 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-9075 HIGH This Week

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Command Injection Lenovoemc Firmware
NVD
CVSS 3.0
8.1
EPSS
4.1%
CVE-2018-1251 HIGH This Week

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Open Redirect Emc Unity Firmware Emc Unityvsa
NVD
CVSS 3.0
8.1
EPSS
2.5%
CVE-2018-14648 HIGH This Week

A flaw was found in 389 Directory Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server Debian Linux Enterprise Linux
NVD
CVSS 3.0
7.5
EPSS
6.2%
CVE-2018-17605 HIGH PATCH This Week

An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Asset Pipeline
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-17567 HIGH PATCH This Week

Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jekyll
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1702 HIGH This Week

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
7.1
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy