Skip to main content
CVE-2018-4022 HIGH POC This Week

A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Mkvinfo
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2018-15686 HIGH POC PATCH This Week

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Deserialization Ubuntu Linux Debian Linux Systemd +1
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
2.3%
CVE-2018-18656 HIGH POC This Week

The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Purevpn
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-18653 HIGH POC PATCH This Week

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Ubuntu Jwt Attack Linux RCE Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-15687 HIGH POC PATCH This Week

A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Rated high severity (CVSS 7.0). Public exploit code available.

Race Condition Information Disclosure Ubuntu Linux Systemd
NVD GitHub Exploit-DB
CVSS 3.1
7.0
EPSS
1.1%
CVE-2018-18661 MEDIUM POC This Month

An issue was discovered in LibTIFF 4.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libtiff Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
2.9%
CVE-2018-18690 MEDIUM POC PATCH This Month

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Linux Kernel Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-18662 MEDIUM POC This Month

There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Mupdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-15688 HIGH PATCH This Week

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Systemd Debian Linux Ubuntu Linux Enterprise Linux Desktop +5
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2018-5914 HIGH This Week

Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +11
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5866 HIGH This Week

While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +13
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-3588 HIGH This Week

There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Qualcomm Mdm9206 Firmware Mdm9607 Firmware Mdm9650 Firmware +8
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11950 HIGH This Week

Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Sd 845 Firmware Sd 850 Firmware
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11854 HIGH This Week

Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware Sd 850 Firmware +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11853 HIGH This Week

Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Ipq8074 Firmware Mdm9206 Firmware Mdm9607 Firmware +20
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11850 HIGH This Week

Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware Mdm9640 Firmware +21
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11849 HIGH This Week

Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Buffer Overflow Ipq8074 Firmware Mdm9206 Firmware Mdm9607 Firmware +40
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11824 HIGH This Week

A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Buffer Overflow Mdm9206 Firmware Mdm9607 Firmware +8
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11822 HIGH This Week

A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Sd 835 Firmware Sd 845 Firmware +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11821 HIGH This Week

Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Qualcomm Buffer Overflow Ipq8074 Firmware Mdm9206 Firmware +19
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11305 HIGH This Week

When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Qualcomm Denial Of Service Use After Free Mdm9206 Firmware +24
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-18654 HIGH This Week

Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Crossroads
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-18659 HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Udp
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-18658 HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Udp
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-18657 HIGH PATCH This Week

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Udp
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-11828 HIGH This Week

When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Sd 210 Firmware Sd 212 Firmware Sd 205 Firmware +6
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-6559 LOW POC Monitor

The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.0
3.3
EPSS
0.5%
CVE-2018-18660 MEDIUM PATCH This Month

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Udp
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-11951 MEDIUM This Month

Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Sd 845 Firmware Sd 850 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-11846 MEDIUM This Month

The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850. Rated medium severity (CVSS 4.7). No vendor patch available.

Qualcomm Information Disclosure Sd 210 Firmware Sd 212 Firmware Sd 205 Firmware +2
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2018-18655 MEDIUM PATCH This Month

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Prayer
NVD
CVSS 3.0
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy