Skip to main content
CVE-2018-19655 HIGH POC This Week

A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Dcraw Suse Linux Enterprise Desktop Suse Linux Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-19662 HIGH POC This Week

An issue was discovered in libsndfile 1.0.28. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libsndfile Debian Linux
NVD GitHub
CVSS 3.0
8.1
EPSS
2.3%
CVE-2018-19666 HIGH POC This Week

The agent in OSSEC through 3.1.0 on Windows allows local users to gain NT AUTHORITY\SYSTEM access via Directory Traversal by leveraging full access to the associated OSSEC server. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Path Traversal Ossec Wazuh
NVD GitHub
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-19748 HIGH POC This Week

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Sdcms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-8789 HIGH POC PATCH This Week

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Freerdp Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
5.2%
CVE-2018-19654 HIGH POC This Week

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sales Company Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2018-19628 HIGH POC This Week

In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.1%
CVE-2018-19627 HIGH POC THREAT This Week

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wireshark Debian Linux
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.7%
CVE-2018-19623 HIGH POC This Week

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
4.2%
CVE-2018-19622 HIGH POC This Week

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-15537 HIGH This Week

Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ocsinventory Ng
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2018-12245 HIGH This Week

Symantec Endpoint Protection prior to 14.2 MP1 may be susceptible to a DLL Preloading vulnerability, which in this case is an issue that can occur when an application being installed unintentionally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Protection
NVD
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-12238 HIGH This Week

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000;. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Protection Endpoint Protection Cloud Norton Antivirus
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-19120 HIGH This Week

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kde Applications
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2018-15980 HIGH PATCH This Week

Adobe Photoshop CC versions 19.1.6 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow Photoshop Cc
NVD
CVSS 3.0
7.5
EPSS
7.9%
CVE-2018-15979 HIGH PATCH This Week

Adobe Acrobat and Reader versions 2019.008.20080 and earlier, 2017.011.30105 and earlier, and 2015.006.30456 and earlier have a ntlm sso hash theft vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
7.5
EPSS
10.3%
CVE-2018-15978 HIGH PATCH This Week

Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player Enterprise Linux Desktop +2
NVD
CVSS 3.0
7.5
EPSS
7.4%
CVE-2018-14626 HIGH This Week

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-10851 HIGH This Week

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authoritative Recursor
NVD
CVSS 3.0
7.5
EPSS
6.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy