Skip to main content
CVE-2018-9488 HIGH POC PATCH This Week

In the SELinux permissions of crash_dump.te, there is a permissions bypass due to a missing restriction. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Google Authentication Bypass Privilege Escalation Android
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-16475 HIGH POC This Week

A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Knight
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-18980 HIGH POC THREAT This Week

An XML External Entity injection (XXE) vulnerability exists in Zoho ManageEngine Network Configuration Manager and OpManager before 12.3.214 via the RequestXML parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho XXE Manageengine Network Configuration Manager Manageengine Opmanager
NVD GitHub
CVSS 3.0
7.5
EPSS
25.0%
CVE-2018-12415 HIGH This Week

The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enterprise Message Service
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-12414 HIGH This Week

The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Rendezvous Rendezvous For Z Linux Rendezvous For Z Os Rendezvous Network Server +1
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-12413 HIGH This Week

The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Apache Messaging Apache Kafka Distribution Schema Repository
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-12412 HIGH This Week

The realm server (tibrealmserver) component of TIBCO Software Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ftl
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-12411 HIGH This Week

The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Activespaces
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-9459 HIGH This Week

In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Privilege Escalation Path Traversal Android
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-9450 HIGH PATCH This Week

In avrc_proc_vendor_command of avrc_api.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-16986 HIGH This Week

Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Ble Stack
NVD
CVSS 3.0
8.8
EPSS
3.0%
CVE-2018-9363 HIGH This Week

In the hidp_process_report in bluetooth, there is an integer overflow. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google Android Ubuntu Linux +2
NVD
CVSS 3.1
8.4
EPSS
0.5%
CVE-2018-9516 HIGH PATCH This Week

In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Buffer Overflow Privilege Escalation Android +2
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-9465 HIGH PATCH This Week

In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Use After Free Privilege Escalation Denial Of Service Google +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9458 HIGH This Week

In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation XSS Android
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-9427 HIGH PATCH This Week

In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
1.8%
CVE-2018-9422 HIGH PATCH This Week

In get_futex_key of futex.c, there is a use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Memory Corruption Use After Free Privilege Escalation Android +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-9415 HIGH PATCH This Week

In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android Ubuntu Linux
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-9385 HIGH PATCH This Week

In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-9357 HIGH PATCH This Week

In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-16472 HIGH PATCH This Week

A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cached Path Relative Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2018-9489 HIGH This Week

When wifi is switched, function sendNetworkStateChangeBroadcast of WifiStateMachine.java broadcasts an intent including detailed wifi network information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Information Disclosure Android
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2018-9455 HIGH PATCH This Week

In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Denial Of Service Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-9448 HIGH PATCH This Week

In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9436 HIGH PATCH This Week

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9362 HIGH PATCH This Week

In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-9361 HIGH PATCH This Week

In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9360 HIGH PATCH This Week

In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9359 HIGH PATCH This Week

In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9358 HIGH PATCH This Week

In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-17186 HIGH PATCH This Week

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE RCE Syncope
NVD
CVSS 3.0
7.2
EPSS
2.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy