Skip to main content
CVE-2018-19788 HIGH POC THREAT This Week

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Polkit Debian Linux Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
11.5%
CVE-2018-14707 HIGH POC THREAT This Week

Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal 5N2 Firmware
NVD
CVSS 3.0
7.5
EPSS
27.8%
CVE-2018-14702 HIGH POC This Week

Incorrect access control in the /drobopix/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP 5N2 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14700 HIGH POC This Week

Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP 5N2 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14696 HIGH POC This Week

Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve sensitive system information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP 5N2 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-14695 HIGH POC This Week

Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP 5N2 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-4021 HIGH POC THREAT This Week

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pfsense
NVD
CVSS 3.1
7.2
EPSS
72.2%
CVE-2018-4020 HIGH POC THREAT This Week

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pfsense
NVD
CVSS 3.1
7.2
EPSS
48.7%
CVE-2018-4019 HIGH POC THREAT This Week

An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Pfsense
NVD
CVSS 3.1
7.2
EPSS
48.7%
CVE-2018-1002000 HIGH POC This Week

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Arigato Autoresponder And Newsletter
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
4.4%
CVE-2018-19793 HIGH POC This Week

jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jiacrontab
NVD GitHub
CVSS 3.0
7.2
EPSS
2.4%
CVE-2018-3854 HIGH POC This Week

An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Quicken 2018
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2018-19827 HIGH This Week

In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Libsass
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-1840 HIGH PATCH This Week

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

IBM Information Disclosure Websphere Application Server
NVD
CVSS 3.0
8.1
EPSS
2.1%
CVE-2018-6439 HIGH This Week

A Vulnerability in the configdownload command of Brocade Fabric OS command line interface (CLI) versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to escape the restricted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2018-19824 HIGH PATCH This Week

In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Linux Information Disclosure Use After Free Linux Kernel +2
NVD GitHub
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-16863 HIGH PATCH This Week

It was found that RHSA-2018:2918 did not fully fix CVE-2018-16509. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Red Hat Authentication Bypass Ghostscript Enterprise Linux Desktop Enterprise Linux Server +4
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-7116 HIGH This Week

HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote denial of service via dbman Opcode 10003 'Filename'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Intelligent Management Center
NVD
CVSS 3.0
7.5
EPSS
10.3%
CVE-2018-16855 HIGH This Week

An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Recursor
NVD
CVSS 3.0
7.5
EPSS
59.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy