Skip to main content
CVE-2018-3934 CRITICAL POC Act Now

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Yi Home Camera Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2018-17916 CRITICAL POC Act Now

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Stack Overflow Indusoft Web Studio Edge Intouch Machine Edition 2014
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2018-17914 CRITICAL POC Act Now

InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Indusoft Web Studio Edge Intouch Machine Edition 2014
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2018-3892 HIGH POC This Week

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Yi Home Camera Firmware
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2018-3935 HIGH POC This Week

An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Yi Home Camera Firmware Yi Home
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2018-3899 HIGH POC This Week

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Yi Home Camera Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-3898 HIGH POC This Week

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Yi Home Camera Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-3920 MEDIUM POC This Month

An exploitable code execution vulnerability exists in the firmware update functionality of the Yi Home Camera 27US 1.8.7.0D. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Yi Home Camera Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2018-3890 MEDIUM POC This Month

An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Yi Home Camera Firmware
NVD
CVSS 3.1
6.8
EPSS
1.7%
CVE-2018-18897 MEDIUM POC This Month

An issue was discovered in Poppler 0.71.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Poppler Debian Linux Ubuntu Linux Enterprise Linux +6
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2018-17922 CRITICAL Act Now

Circontrol CirCarLife all versions prior to 4.3.1, the PAP credentials of the device are stored in clear text in a log file that is accessible without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Circarlife Firmware
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-17918 CRITICAL Act Now

Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Circarlife Firmware
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2018-15762 HIGH This Week

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Operations Manager
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-11062 HIGH This Week

Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Emc Integrated Data Protection Appliance
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-1552 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-3891 MEDIUM POC This Month

An exploitable firmware downgrade vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yi Home Camera Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2018-7798 HIGH This Week

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Somachine Basic
NVD VulDB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2018-16847 HIGH PATCH This Week

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Qemu Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-7799 HIGH This Week

A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Software Update Utility
NVD
CVSS 3.0
7.8
EPSS
2.8%
CVE-2018-1877 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-16849 HIGH PATCH This Week

A flaw was found in openstack-mistral. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openstack Mistral
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-17912 HIGH This Week

An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Case Suite
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-1846 HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1835 HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Daeja Viewone
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1876 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could under certain cases, display the password in a Control Room log file after installation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1878 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere 11 could disclose sensitive information in a web request that could aid in future attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-1788 MEDIUM PATCH This Month

IBM Spectrum Protect Server 7.1 and 8.1 could disclose highly sensitive information via trace logs to a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Protect Server
NVD
CVSS 3.0
4.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy