Skip to main content
CVE-2018-15752 HIGH POC This Week

An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Mensamax
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2018-9515 HIGH POC This Week

In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Buffer Overflow Android
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-15753 HIGH POC This Week

An issue was discovered in the MensaMax (aka com.breustedt.mensamax) application 4.3 for Android. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Mensamax
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-3944 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-3943 HIGH PATCH This Week

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Phantompdf Reader
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2018-9504 HIGH PATCH This Week

In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-3961 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2018-3960 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2018-3959 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2018-3958 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2018-3957 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2018-9514 HIGH This Week

In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Google Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9513 HIGH This Week

In copy_process of fork.c, there is possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9501 HIGH PATCH This Week

In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9498 HIGH PATCH This Week

In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Google Android
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-9497 HIGH PATCH This Week

In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-9496 HIGH PATCH This Week

In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-9492 HIGH PATCH This Week

In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Authentication Bypass Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9491 HIGH PATCH This Week

In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Google Android
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-9490 HIGH PATCH This Week

In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation RCE Android
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-9473 HIGH PATCH This Week

In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Buffer Overflow Google Android
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-11748 HIGH This Week

Previous releases of the Puppet device_manager module creates configuration files containing credentials that are world readable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Device Manager
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1498 HIGH This Week

IBM Security Guardium EcoSystem 10.5 stores user credentials in plain in clear text which can be read by a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-11072 HIGH This Week

Dell Digital Delivery versions prior to 3.5.1 contain a DLL Injection Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Dell Digital Delivery
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9503 HIGH PATCH This Week

In rfc_process_mx_message of rfc_ts_frames.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-12473 HIGH This Week

A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Open Build Service
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-1509 HIGH This Week

IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.0
7.4
EPSS
0.9%
CVE-2018-3962 HIGH PATCH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Phantompdf Reader
NVD
CVSS 3.1
7.3
EPSS
2.5%
CVE-2018-6261 HIGH This Week

NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation. Rated high severity (CVSS 7.0). No vendor patch available.

Nvidia RCE Denial Of Service Geforce Experience
NVD
CVSS 3.0
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy