Skip to main content
CVE-2018-18312 CRITICAL POC THREAT Act Now

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Perl Ubuntu Linux Debian Linux Enterprise Linux +4
NVD
CVSS 3.0
9.8
EPSS
12.1%
CVE-2018-1002105 CRITICAL POC PATCH THREAT Act Now

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Kubernetes Openshift Container Platform Trident
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
87.0%
CVE-2018-19857 CRITICAL POC Act Now

The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Vlc Media Player Debian Linux
NVD
CVSS 3.0
9.1
EPSS
3.9%
CVE-2018-16791 CRITICAL Act Now

In SolarWinds SFTP/SCP Server through 2018-09-10, the configuration file is world readable and writable, and stores user passwords in an insecure manner, allowing an attacker to determine passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sftp Scp Server
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-1002101 CRITICAL PATCH Act Now

In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Microsoft Kubernetes
NVD GitHub
CVSS 3.0
9.8
EPSS
4.1%
CVE-2018-19864 CRITICAL POC PATCH THREAT Act Now

NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service RCE Buffer Overflow Nvrmini2 Firmware
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
24.8%
CVE-2018-16792 CRITICAL Act Now

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Sftp Scp Server
NVD
CVSS 3.1
9.1
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy