Skip to main content
CVE-2018-18314 CRITICAL POC PATCH Act Now

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Perl Ubuntu Linux Debian Linux E Series Santricity Os Controller +4
NVD GitHub
CVSS 3.0
9.8
EPSS
6.1%
CVE-2018-7364 CRITICAL POC THREAT Act Now

All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by improper access control vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Zte RCE Zxin10
NVD GitHub
CVSS 3.1
9.8
EPSS
10.3%
CVE-2018-18313 CRITICAL POC PATCH Act Now

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Perl Ubuntu Linux Debian Linux +6
NVD GitHub
CVSS 3.0
9.1
EPSS
9.5%
CVE-2018-9578 CRITICAL Act Now

In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2018-18311 CRITICAL PATCH Act Now

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Perl Ubuntu Linux Debian Linux +15
NVD GitHub
CVSS 3.0
9.8
EPSS
11.7%
CVE-2018-11905 CRITICAL PATCH Act Now

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN function due to lack of input validation in values received. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
9.8
EPSS
0.9%
CVE-2018-19932 MEDIUM POC PATCH This Month

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Binutils Vasa Provider
NVD
CVSS 3.0
5.5
EPSS
2.0%
CVE-2018-15362 CRITICAL Act Now

XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Cimplicity
NVD
CVSS 3.0
9.1
EPSS
2.7%
CVE-2018-7066 CRITICAL Act Now

An unauthenticated remote command execution exists in Aruba ClearPass Policy Manager on linked devices. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Aruba Information Disclosure Clearpass Policy Manager
NVD
CVSS 3.0
9.0
EPSS
3.5%
CVE-2018-9572 HIGH This Week

In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2018-9571 HIGH This Week

In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2018-9569 HIGH This Week

In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2018-5810 HIGH PATCH This Week

An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-5809 HIGH PATCH This Week

An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Libraw
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-5808 HIGH PATCH This Week

An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Libraw Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-5807 HIGH PATCH This Week

An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-5805 HIGH PATCH This Week

A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Libraw Enterprise Linux Desktop Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-5802 HIGH PATCH This Week

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libraw Enterprise Linux Desktop Enterprise Linux Server +3
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-17924 HIGH This Week

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Micrologix 1400 Firmware 1756 Enbt Firmware 1756 Eweb Series A Firmware +13
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2018-7063 HIGH This Week

In Aruba ClearPass, disabled API admins can still perform read/write operations. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Aruba XXE Authentication Bypass Clearpass Policy Manager
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-9577 HIGH This Week

In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9576 HIGH This Week

In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9575 HIGH This Week

In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9574 HIGH This Week

In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9573 HIGH This Week

In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9570 HIGH This Week

In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9518 HIGH PATCH This Week

In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Buffer Overflow Privilege Escalation Android +1
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-19931 HIGH PATCH This Week

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Binutils Vasa Provider Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2018-7080 HIGH This Week

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Aruba Information Disclosure Arubaos 203Rp Firmware 203R Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-1883 HIGH PATCH This Week

A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Mq
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-19939 HIGH This Week

The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mi A2 Lite Firmware Redmi 6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-19935 HIGH PATCH This Week

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service PHP Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2018-7079 HIGH This Week

Aruba ClearPass Policy Manager guest authorization failure. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass Policy Manager
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2018-7067 HIGH This Week

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass Policy Manager
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-7065 HIGH This Week

An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Privilege Escalation Clearpass Policy Manager
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2018-1920 HIGH This Week

IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Marketing Platform
NVD
CVSS 3.0
7.1
EPSS
2.4%
CVE-2018-1424 HIGH This Week

IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Marketing Platform
NVD
CVSS 3.0
7.1
EPSS
2.4%
CVE-2018-19960 HIGH This Week

The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Onionshare
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-9517 MEDIUM PATCH This Month

In pppol2tp_connect, there is possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Use After Free Privilege Escalation Denial Of Service Google +2
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-5816 MEDIUM PATCH This Month

An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-5815 MEDIUM PATCH This Month

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Apple Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-5813 MEDIUM PATCH This Month

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libraw Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-5812 MEDIUM PATCH This Month

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-5811 MEDIUM PATCH This Month

An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-5806 MEDIUM PATCH This Month

An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libraw Enterprise Linux Desktop Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-5804 MEDIUM PATCH This Month

A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libraw
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-5801 MEDIUM PATCH This Month

An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libraw Enterprise Linux Desktop Enterprise Linux Server +3
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-5800 MEDIUM PATCH This Month

An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Libraw Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Workstation +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-9519 MEDIUM This Month

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Privilege Escalation Buffer Overflow Google Android
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2018-1663 MEDIUM PATCH This Month

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, 7.6, and 2018.4 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Datapower Gateway
NVD
CVSS 3.0
5.9
EPSS
2.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy