Skip to main content
CVE-2018-15439 CRITICAL POC THREAT Emergency

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sg200 50 Firmware Sg200 50P Firmware Sg200 50Fp Firmware +111
NVD GitHub
CVSS 3.1
9.8
EPSS
49.7%
CVE-2018-19109 HIGH POC This Week

tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/cms/column/list directly to read the column list page or edit a column. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tianti
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-19104 HIGH POC This Week

In BageCMS 3.1.3, upload/index.php has a CSRF vulnerability that can be used to upload arbitrary files and get server privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Bagecms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15445 HIGH POC This Week

A vulnerability in the web-based management interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cisco Energy Management Suite Software
NVD
CVSS 3.0
8.0
EPSS
0.9%
CVE-2018-19105 HIGH POC This Week

LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Librecad
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-19045 HIGH POC PATCH This Week

keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keepalived
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-15444 HIGH POC This Week

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Cisco Energy Management Suite Software
NVD
CVSS 3.0
7.3
EPSS
2.0%
CVE-2018-19110 MEDIUM POC This Month

The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Tianti
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-19115 CRITICAL PATCH Act Now

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Keepalived Debian Linux Enterprise Linux Server +4
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-15447 CRITICAL Act Now

A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cisco Integrated Management Controller
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-15394 CRITICAL Act Now

A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Stealthwatch Enterprise
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-15381 CRITICAL Act Now

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Cisco Unity Express
NVD
CVSS 3.0
9.8
EPSS
87.3%
CVE-2018-15437 MEDIUM POC This Month

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Cisco Advanced Malware Protection For Endpoints Immunet For Endpoints
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
1.0%
CVE-2018-19114 HIGH This Week

An issue was discovered in MinDoc through v1.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mindoc
NVD GitHub
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-6442 HIGH This Week

A vulnerability in the Brocade Webtools firmware update section of Brocade Fabric OS before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow remote authenticated attackers to execute arbitrary commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-19044 MEDIUM POC PATCH This Month

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Keepalived
NVD GitHub
CVSS 3.0
4.7
EPSS
0.5%
CVE-2018-11777 HIGH PATCH This Week

In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Hive
NVD
CVSS 3.0
8.1
EPSS
2.3%
CVE-2018-6438 HIGH This Week

A Vulnerability in the supportsave command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6437 HIGH This Week

A Vulnerability in the help command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell and,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6436 HIGH This Week

A Vulnerability in the firmwaredownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6441 HIGH This Week

A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6435 HIGH This Week

A Vulnerability in the secryptocfg command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-15448 HIGH This Week

A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Registered Envelope Service
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-15446 HIGH This Week

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Meeting Server
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-15443 HIGH This Week

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a configured Intrusion Prevention System (IPS) rule that inspects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower System Software
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-6434 HIGH This Week

A vulnerability in the web management interface of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow attackers to intercept or manipulate a user's session ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Fabric Operating System
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-7718 MEDIUM This Month

An issue was discovered in Telexy QPath 5.4.462. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Qpath
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-15450 MEDIUM This Month

A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Prime Collaboration
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-15449 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Video Surveillance Media Server
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-0284 MEDIUM This Month

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Meraki Mr 24 Firmware Meraki Mr 25 Firmware Meraki Ms 10 Firmware +4
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-19108 MEDIUM PATCH This Month

In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Exiv2 Debian Linux Enterprise Linux Desktop Enterprise Linux Server +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2018-19107 MEDIUM PATCH This Month

In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Exiv2 Debian Linux +4
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-15393 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Content Security Management Appliance
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-6433 MEDIUM This Month

A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-15451 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Prime Service Catalog
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-19111 MEDIUM This Month

The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Cardboard
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2018-19046 MEDIUM PATCH This Month

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keepalived
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-1314 MEDIUM PATCH This Month

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Hive
NVD
CVSS 3.0
4.3
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy