Skip to main content
CVE-2018-18850 HIGH POC THREAT Act Now

In Octopus Deploy 2018.8.0 through 2018.9.x before 2018.9.1, an authenticated user with permission to modify deployment processes could upload a maliciously crafted YAML configuration, potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Octopus Server
NVD GitHub
CVSS 3.0
8.8
EPSS
12.5%
CVE-2018-18867 HIGH POC This Week

An SSRF issue was discovered in tecrail Responsive FileManager 9.13.4 via the upload.php url parameter. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Responsive Filemanager
NVD GitHub
CVSS 3.0
8.6
EPSS
1.5%
CVE-2018-11759 HIGH POC THREAT This Week

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Path Traversal Tomcat Jk Connector Debian Linux +1
NVD
CVSS 3.0
7.5
EPSS
90.6%
CVE-2018-18854 HIGH POC PATCH This Week

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of many JSON object fields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Spray Json
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-18853 HIGH POC PATCH This Week

Lightbend Spray spray-json through 1.3.4 allows remote attackers to cause a denial of service (resource consumption) because of Algorithmic Complexity during the parsing of a field composed of many. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Spray Json
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-14651 HIGH PATCH This Week

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service RCE Debian Linux Enterprise Linux Glusterfs
NVD
CVSS 3.0
8.8
EPSS
3.2%
CVE-2018-14653 HIGH This Week

The Gluster file system through versions 4.1.4 and 3.12 is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Denial Of Service Buffer Overflow Gluster Storage Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2018-15326 HIGH This Week

In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-15320 HIGH This Week

On BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, undisclosed traffic patterns may lead to denial of service conditions for the BIG-IP system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-15319 HIGH This Week

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-15318 HIGH This Week

In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-15317 HIGH This Week

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-15327 HIGH This Week

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1 or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +10
NVD
CVSS 3.0
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy