Skip to main content
CVE-2018-17986 HIGH POC This Week

rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Razorcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-0464 HIGH POC This Week

A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cisco Prime Data Center Network Manager
NVD
CVSS 3.0
8.1
EPSS
5.4%
CVE-2018-0438 HIGH POC This Week

A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cisco Umbrella Enterprise Roaming Client
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-0437 HIGH POC This Week

A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cisco Umbrella Enterprise Roaming Client Umbrella Roaming Module
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-15763 HIGH This Week

Pivotal Container Service, versions prior to 1.2.0, contains an information disclosure vulnerability which exposes IaaS credentials to application logs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pivotal Container Service
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-11081 HIGH This Week

Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Operations Manager
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-11778 HIGH PATCH This Week

UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Apache Buffer Overflow Ranger
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2018-0454 HIGH This Week

A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to perform command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Cloud Services Platform 2100 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-0451 HIGH This Week

A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Tetration Analytics
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-0446 HIGH This Week

A vulnerability in the web-based management interface of Cisco Industrial Network Director could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Network Level Service
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-0445 HIGH This Week

A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a CSRF attack and perform arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Packaged Contact Center Enterprise
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-0439 HIGH This Week

A vulnerability in the web-based management interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Meeting Server
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2018-0432 HIGH This Week

A vulnerability in the error reporting feature of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Vedge 100 Firmware Vedge 1000 Firmware Vedge 2000 Firmware +2
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-0431 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2018-0430 HIGH This Week

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Unified Computing System
NVD
CVSS 3.0
8.8
EPSS
4.0%
CVE-2018-0424 HIGH This Week

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv110W Firmware Rv130W Firmware Rv215W Firmware
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2018-0436 HIGH This Week

A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Webex Teams
NVD
CVSS 3.1
8.7
EPSS
1.3%
CVE-2018-15382 HIGH This Week

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Hyperflex Hx Data Platform
NVD
CVSS 3.0
8.6
EPSS
1.3%
CVE-2018-15377 HIGH This Week

A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2018-0485 HIGH This Week

A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation Integrated Services Routers (ISR G2) and the Cisco 4451-X Integrated Services Router (ISR4451-X) could allow an unauthenticated,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco iOS Ios Xe
NVD
CVSS 3.0
8.6
EPSS
4.1%
CVE-2018-0473 HIGH This Week

A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of the Precision Time. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS
NVD
CVSS 3.0
8.6
EPSS
3.5%
CVE-2018-0472 HIGH This Week

A vulnerability in the IPsec driver code of multiple Cisco IOS XE Software platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Apple Ios Xe
NVD
CVSS 3.0
8.6
EPSS
16.2%
CVE-2018-0470 HIGH This Week

A vulnerability in the web framework of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Buffer Overflow Apple Ios Xe
NVD
CVSS 3.0
8.6
EPSS
4.4%
CVE-2018-0467 HIGH This Week

A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.0
8.6
EPSS
3.8%
CVE-2018-0421 HIGH This Week

A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Prime Access Registrar Prime Access Registrar Jumpstart
NVD
CVSS 3.0
8.6
EPSS
3.5%
CVE-2018-0453 HIGH This Week

A vulnerability in the Sourcefire tunnel control channel protocol in Cisco Firepower System Software running on Cisco Firepower Threat Defense (FTD) sensors could allow an authenticated, local. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Firepower Threat Defense
NVD
CVSS 3.0
8.2
EPSS
0.4%
CVE-2018-11083 HIGH This Week

Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be as access tokens when using UAA for. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Bosh
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2018-15372 HIGH This Week

A vulnerability in the MACsec Key Agreement (MKA) using Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) functionality of Cisco IOS XE Software could allow an unauthenticated,. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Ios Xe
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2018-0423 HIGH This Week

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service RCE Buffer Overflow Cisco Rv110W Firmware +2
NVD
CVSS 3.0
8.1
EPSS
6.8%
CVE-2018-11064 HIGH This Week

Dell EMC Unity OE versions 4.3.0.x and 4.3.1.x and UnityVSA OE versions 4.3.0.x and 4.3.1.x contains an Incorrect File Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-15422 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2018-15421 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2018-15420 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-15419 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2018-15418 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +3
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2018-15417 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-15416 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-15415 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-15414 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-15413 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-15412 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-15411 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2018-15410 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +3
NVD
CVSS 3.1
7.8
EPSS
2.0%
CVE-2018-15409 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2018-15408 HIGH This Week

A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Cisco Webex Meetings Online Webex Meetings Server +2
NVD
CVSS 3.0
7.8
EPSS
2.1%
CVE-2018-0433 HIGH This Week

A vulnerability in the command-line interface (CLI) in the Cisco SD-WAN Solution could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Vedge 100 Firmware Vedge 1000 Firmware Vedge 2000 Firmware +5
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-0405 HIGH This Week

A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cisco Rv180W Firmware Rv220W Firmware
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2018-0404 HIGH This Week

A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cisco Rv180W Wireless N Multifunction Vpn Router Rv220W Wireless Network Security Firewall
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-15391 HIGH This Week

A vulnerability in certain IPv4 fragment-processing functions of Cisco Remote PHY Software could allow an unauthenticated, remote attacker to impact traffic passing through a device, potentially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Remote
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-15383 HIGH This Week

A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense Adaptive Security Appliance Software
NVD
CVSS 3.1
7.5
EPSS
2.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy