Skip to main content
CVE-2018-19754 HIGH POC This Week

Tarantella Enterprise before 3.11 allows bypassing Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tarantella Enterprise
NVD
CVSS 3.0
8.8
EPSS
2.6%
CVE-2018-19650 HIGH POC This Week

Local attackers can trigger a stack-based buffer overflow on vulnerable installations of Antiy-AVL ATool security management v1.0.0.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Privilege Escalation Denial Of Service Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-19753 HIGH POC THREAT This Week

Tarantella Enterprise before 3.11 allows Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Tarantella Enterprise
NVD
CVSS 3.0
7.5
EPSS
16.6%
CVE-2018-1002103 HIGH This Week

In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Dashboard listening on the VM IP at port 30000. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF RCE Kubernetes Minikube
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-15797 HIGH This Week

Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Foundry Nfs Volume
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-19786 HIGH This Week

HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Hashicorp Information Disclosure Vault
NVD GitHub
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-1941 HIGH PATCH This Week

IBM Campaign 9.1.0 and 9.1.2 could allow a local user to obtain admini privileges due to the application not validating access permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Campaign
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-1732 HIGH PATCH This Week

IBM QRadar Advisor with Watson 1.14.0 discloses sensitive information to unauthorized users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Qradar Advisor With Watson
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1648 HIGH PATCH This Week

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Qradar Incident Forensics
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-19865 HIGH PATCH This Week

A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-1730 HIGH This Week

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Qradar Security Information And Event Manager
NVD
CVSS 3.0
7.1
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy