Skip to main content
CVE-2018-3892 HIGH POC This Week

An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Yi Home Camera Firmware
NVD
CVSS 3.1
8.1
EPSS
2.7%
CVE-2018-3935 HIGH POC This Week

An exploitable code execution vulnerability exists in the UDP network functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service RCE Yi Home Camera Firmware Yi Home
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2018-3899 HIGH POC This Week

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Yi Home Camera Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-3898 HIGH POC This Week

An exploitable code execution vulnerability exists in the QR code scanning functionality of Yi Home Camera 27US 1.8.7.0D. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Yi Home Camera Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-15762 HIGH This Week

Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Operations Manager
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-11062 HIGH This Week

Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Emc Integrated Data Protection Appliance
NVD
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-1552 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 10.0 and 11.0 allows a remote attacker to execute arbitrary code on the system, caused by a missing restriction in which file types can be. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM RCE Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-7798 HIGH This Week

A Insufficient Verification of Data Authenticity (CWE-345) vulnerability exists in the Modicon M221, all versions, which could cause a change of IPv4 configuration (IP address, mask and gateway) when. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Somachine Basic
NVD VulDB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2018-16847 HIGH PATCH This Week

An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Qemu Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-7799 HIGH This Week

A DLL hijacking vulnerability exists in Schneider Electric Software Update (SESU), all versions prior to V2.2.0, which could allow an attacker to execute arbitrary code on the targeted system when. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Schneider Electric RCE Software Update Utility
NVD
CVSS 3.0
7.8
EPSS
2.8%
CVE-2018-1877 HIGH PATCH This Week

IBM Robotic Process Automation with Automation Anywhere 11 could store highly sensitive information in the form of unencrypted passwords that would be available to a local user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Information Disclosure Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-16849 HIGH PATCH This Week

A flaw was found in openstack-mistral. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openstack Mistral
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-17912 HIGH This Week

An XXE vulnerability exists in CASE Suite Versions 3.10 and prior when processing parameter entities, which may allow remote file disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Case Suite
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-1846 HIGH This Week

IBM Rational Engineering Lifecycle Manager 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Rational Engineering Lifecycle Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-1835 HIGH This Week

IBM Daeja ViewONE Professional, Standard & Virtual 5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Daeja Viewone
NVD
CVSS 3.0
7.1
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy