Skip to main content
CVE-2018-18963 CRITICAL POC Act Now

Busca.aspx.cs in Degrau Publicidade e Internet Plataforma de E-commerce allows SQL Injection via the busca/ URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Degraupublicidade
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-9488 HIGH POC PATCH This Week

In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Google Authentication Bypass Privilege Escalation Android
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-16475 HIGH POC This Week

A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Knight
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-18980 HIGH POC THREAT This Week

An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XXE Manageengine Network Configuration Manager Manageengine Opmanager
NVD GitHub
CVSS 3.0
7.5
EPSS
25.0%
CVE-2018-9445 MEDIUM POC PATCH This Month

In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Privilege Escalation Path Traversal Android
NVD Exploit-DB
CVSS 3.0
6.8
EPSS
0.8%
CVE-2018-16474 MEDIUM POC This Month

A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tianma Static
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-14667 CRITICAL KEV PATCH THREAT Act Now

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Code Injection RCE Richfaces Enterprise Linux
NVD
CVSS 3.1
9.8
EPSS
74.2%
CVE-2018-9446 CRITICAL PATCH Act Now

In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-9356 CRITICAL PATCH Act Now

In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google RCE Android
NVD
CVSS 3.0
9.8
EPSS
3.2%
CVE-2018-9355 CRITICAL Act Now

In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
3.0%
CVE-2018-16473 MEDIUM POC This Month

A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Takeapeek
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2018-12415 HIGH This Week

The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Message Service
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-12414 HIGH This Week

The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Rendezvous Rendezvous For Z Linux Rendezvous For Z Os Rendezvous Network Server +1
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-12413 HIGH This Week

The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Apache Messaging Apache Kafka Distribution Schema Repository
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-12412 HIGH This Week

The realm server (tibrealmserver) component of TIBCO Software Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ftl
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-12411 HIGH This Week

The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Activespaces
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-9459 HIGH This Week

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Privilege Escalation Path Traversal Android
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-9450 HIGH PATCH This Week

In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-16986 HIGH This Week

Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Ble Stack
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-9363 HIGH This Week

In the hidp_process_report in bluetooth, there is an integer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google Android Ubuntu Linux +2
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2018-9516 HIGH PATCH This Week

In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Buffer Overflow Privilege Escalation Android +2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9465 HIGH PATCH This Week

In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Use After Free Privilege Escalation Denial Of Service Google +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9458 HIGH This Week

In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation XSS Android
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-9427 HIGH PATCH This Week

In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-9422 HIGH PATCH This Week

In get_futex_key of futex.c, there is a use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Memory Corruption Use After Free Privilege Escalation Android +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9415 HIGH PATCH This Week

In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-9385 HIGH PATCH This Week

In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-9357 HIGH PATCH This Week

In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-16472 HIGH PATCH This Week

A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cached Path Relative Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2018-9489 HIGH This Week

When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-9455 HIGH PATCH This Week

In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Denial Of Service Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-9448 HIGH PATCH This Week

In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9436 HIGH PATCH This Week

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9362 HIGH PATCH This Week

In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-9361 HIGH PATCH This Week

In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9360 HIGH PATCH This Week

In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9359 HIGH PATCH This Week

In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9358 HIGH PATCH This Week

In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-17186 HIGH PATCH This Week

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Syncope
NVD
CVSS 3.0
7.2
EPSS
2.5%
CVE-2018-1694 MEDIUM PATCH This Month

IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-9454 MEDIUM This Month

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9453 MEDIUM PATCH This Month

In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9451 MEDIUM PATCH This Month

In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9444 MEDIUM This Month

In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-9437 MEDIUM PATCH This Month

In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Denial Of Service Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-17184 MEDIUM PATCH This Month

A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Syncope
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-9438 MEDIUM PATCH This Month

When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2018-18966 MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-18965 MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-18964 MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy