Skip to main content
CVE-2018-17873 HIGH POC This Week

An incorrect access control vulnerability in the FTP configuration of WiFiRanger devices with firmware version 7.0.8rc3 and earlier allows an attacker with adjacent network access to read the SSH. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wifiranger Firmware
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2018-18599 HIGH POC This Week

Stegdetect through 2018-05-26 has an out-of-bounds write in f5_compress in the f5.c file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Stegdetect
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-17968 HIGH POC This Week

A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ruletkaio
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-17877 HIGH POC This Week

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Greedy 599
NVD GitHub
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-18589 HIGH This Week

A potential Remote Arbitrary Code Execution vulnerability has been identified in Micro Focus' Real User Monitoring software, versions 9.26IP, 9.30, 9.40 and 9.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Real User Monitoring
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-14828 HIGH This Week

Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Webaccess
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-8569 HIGH PATCH This Week

A remote code execution vulnerability exists in the Yammer desktop application due to the loading of arbitrary content, aka "Yammer Desktop Application Remote Code Execution Vulnerability." This. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Yammer
NVD
CVSS 3.0
7.8
EPSS
13.3%
CVE-2018-16837 HIGH PATCH This Week

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ansible Engine Ansible Tower Debian Linux Package Hub
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-18329 HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-18328 HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-18327 HIGH This Week

A KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-15367 HIGH This Week

A ctl_set KERedirect Untrusted Pointer Dereference Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Null Pointer Dereference Denial Of Service Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-15366 HIGH This Week

A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Memory Corruption Use After Free Trend Micro Antivirus For Mac 2017 +2
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-7432 HIGH This Week

Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-7429 HIGH This Week

Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Denial Of Service
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-18467 HIGH PATCH This Week

An issue was discovered in Daniel Gultsch Conversations 2.3.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Conversations
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-17447 HIGH PATCH This Week

An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Information Disclosure Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-17444 HIGH This Week

A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2018-14820 HIGH This Week

Advantech WebAccess 8.3.1 and earlier has a .dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-18626 HIGH This Week

An issue was discovered in PHPYun V4.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Phpyun
NVD
CVSS 3.0
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy