Skip to main content
CVE-2018-18312 CRITICAL POC THREAT Act Now

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Perl Ubuntu Linux Debian Linux Enterprise Linux +4
NVD
CVSS 3.0
9.8
EPSS
12.1%
CVE-2018-1002105 CRITICAL POC PATCH THREAT Act Now

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kubernetes Openshift Container Platform Trident
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
87.0%
CVE-2018-19857 CRITICAL POC Act Now

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Vlc Media Player Debian Linux
NVD
CVSS 3.0
9.1
EPSS
3.9%
CVE-2018-19754 HIGH POC This Week

Tarantella Enterprise before 3.11 allows bypassing Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tarantella Enterprise
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-19650 HIGH POC This Week

Local attackers can trigger a stack-based buffer overflow on vulnerable installations of Antiy-AVL ATool security management v1.0.0.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Privilege Escalation Denial Of Service Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-19753 HIGH POC THREAT This Week

Tarantella Enterprise before 3.11 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tarantella Enterprise
NVD
CVSS 3.0
7.5
EPSS
16.6%
CVE-2018-19859 MEDIUM POC PATCH This Month

OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Openrefine
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-19877 MEDIUM POC THREAT This Month

login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Loganalyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
18.6%
CVE-2018-16791 CRITICAL Act Now

In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sftp Scp Server
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-1002101 CRITICAL PATCH Act Now

In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Microsoft Kubernetes
NVD GitHub
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-19864 CRITICAL POC PATCH THREAT Act Now

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Nvrmini2 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.8%
CVE-2018-16792 CRITICAL Act Now

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Sftp Scp Server
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2018-1002103 HIGH This Week

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF RCE Kubernetes Minikube
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-15797 HIGH This Week

Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Nfs Volume
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-19786 HIGH This Week

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-1941 HIGH PATCH This Week

IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Campaign
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1732 HIGH PATCH This Week

IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information to unauthorized users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Advisor With Watson
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1648 HIGH PATCH This Week

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Incident Forensics
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-19865 HIGH PATCH This Week

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1730 HIGH This Week

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%
CVE-2018-19876 MEDIUM PATCH This Month

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Apple Cairo
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-12155 MEDIUM This Month

Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Integrated Performance Primitives
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1650 MEDIUM PATCH This Month

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Qradar Incident Forensics
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1728 MEDIUM PATCH This Month

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Incident Forensics
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-19608 MEDIUM This Month

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Mbed Tls
NVD VulDB
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-15773 MEDIUM PATCH This Month

Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Data Protection Encryption
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2018-1697 MEDIUM This Month

IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.0
4.3
EPSS
1.2%
CVE-2018-1568 LOW PATCH Monitor

IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Incident Forensics
NVD
CVSS 3.0
3.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy