Skip to main content
CVE-2018-8009 HIGH POC PATCH This Week

Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Path Traversal Hadoop
NVD
CVSS 3.0
8.8
EPSS
7.6%
CVE-2018-19244 HIGH POC This Week

An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Charles
NVD
CVSS 3.0
8.6
EPSS
2.0%
CVE-2018-19246 HIGH POC THREAT This Week

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Php Proxy
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
22.0%
CVE-2018-16850 CRITICAL PATCH Act Now

postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PostgreSQL Enterprise Linux Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
5.1%
CVE-2018-17614 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Stack Overflow Arduino Mqtt Client
NVD GitHub
CVSS 3.0
8.8
EPSS
9.3%
CVE-2018-2477 HIGH This Week

Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-12416 HIGH This Week

The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Datasynapse Gridserver Manager
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-1808 HIGH This Week

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Code Injection RCE Websphere Commerce
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-2487 HIGH This Week

SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure SAP Disclosure Management
NVD
CVSS 3.0
8.3
EPSS
1.5%
CVE-2018-14657 HIGH PATCH This Week

A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Keycloak Single Sign On
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2018-15795 HIGH PATCH This Week

Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Credhub Service Broker
NVD
CVSS 3.0
8.1
EPSS
1.3%
CVE-2018-2491 HIGH This Week

When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Code Injection RCE SAP Fiori Client
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-2490 HIGH This Week

The broadcast messages received by SAP Fiori Client are not protected by permissions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Fiori Client
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2018-2489 HIGH This Week

Locally, without any permission, an arbitrary android application could delete the SSO configuration of SAP Fiori Client. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Fiori Client
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-2488 HIGH This Week

It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service SAP Fiori Client
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-1792 HIGH This Week

IBM WebSphere MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, 9.0.1 through 9.0.5, and 9.1.0.0 could allow a local user to inject code that could be executed with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Code Injection RCE Websphere Mq
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-2485 HIGH This Week

It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure SAP Fiori Client
NVD
CVSS 3.0
7.7
EPSS
1.2%
CVE-2018-16470 HIGH PATCH This Week

There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rack
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-2482 HIGH This Week

SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service SAP Mobile Secure
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-17187 HIGH PATCH This Week

The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Qpid Proton J
NVD
CVSS 3.0
7.4
EPSS
2.5%
CVE-2018-6980 HIGH PATCH This Week

VMware vRealize Log Insight (4.7.x before 4.7.1 and 4.6.x before 4.6.2) contains a vulnerability due to improper authorization in the user registration method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass VMware Vrealize Log Insight
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2018-2481 HIGH This Week

In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SAP Advanced Business Application Programming
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-2478 HIGH This Week

An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Basis
NVD
CVSS 3.0
7.2
EPSS
1.8%
CVE-2018-15772 HIGH This Week

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Dell Denial Of Service Emc Recoverpoint Emc Recoverpoint For Virtual Machines
NVD
CVSS 3.0
7.1
EPSS
0.4%
CVE-2018-7925 MEDIUM This Month

The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emily Al00A Firmware
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2018-7910 MEDIUM This Month

Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432),. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Alp Al00B Firmware Alp Tl00B Firmware Bla Al00B Firmware +2
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2018-15452 MEDIUM This Month

A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Cisco Advanced Malware Protection For Endpoints
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2018-2473 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Businessobjects Business Intelligence
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-18591 MEDIUM This Month

A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Service Manager
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-16471 MEDIUM PATCH This Month

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rack Debian Linux
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-2479 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Bi Platform
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-2476 MEDIUM This Month

Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-14658 MEDIUM This Month

A flaw was found in JBOSS Keycloak 3.2.1.Final. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Keycloak
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-6260 MEDIUM This Month

NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Gpu Driver
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15771 MEDIUM This Month

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Recoverpoint Recoverpoint For Virtual Machines
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-14655 MEDIUM This Month

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Keycloak Single Sign On
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-7926 MEDIUM This Month

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Watch 2 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2018-2483 MEDIUM This Month

HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Businessobjects Business Intelligence
NVD
CVSS 3.0
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy