Skip to main content
CVE-2018-15439 CRITICAL POC THREAT Emergency

A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Sg200 50 Firmware Sg200 50P Firmware Sg200 50Fp Firmware +111
NVD GitHub
CVSS 3.1
9.8
EPSS
49.7%
CVE-2018-19115 CRITICAL PATCH Act Now

keepalived before 2.0.7 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Keepalived Debian Linux Enterprise Linux Server +4
NVD GitHub
CVSS 3.0
9.8
EPSS
3.7%
CVE-2018-15447 CRITICAL Act Now

A vulnerability in the web framework code of Cisco Integrated Management Controller (IMC) Supervisor could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cisco Integrated Management Controller
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-15394 CRITICAL Act Now

A vulnerability in the Stealthwatch Management Console (SMC) of Cisco Stealthwatch Enterprise could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Stealthwatch Enterprise
NVD
CVSS 3.0
9.8
EPSS
4.0%
CVE-2018-15381 CRITICAL Act Now

A Java deserialization vulnerability in Cisco Unity Express (CUE) could allow an unauthenticated, remote attacker to execute arbitrary shell commands with the privileges of the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Cisco Unity Express
NVD
CVSS 3.0
9.8
EPSS
87.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy