Skip to main content
CVE-2018-9572 HIGH This Week

In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2018-9571 HIGH This Week

In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2018-9569 HIGH This Week

In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2018-5810 HIGH PATCH This Week

An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-5809 HIGH PATCH This Week

An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Libraw
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-5808 HIGH PATCH This Week

An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Libraw Debian Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.8%
CVE-2018-5807 HIGH PATCH This Week

An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libraw Ubuntu Linux
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-5805 HIGH PATCH This Week

A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Libraw Enterprise Linux Desktop Enterprise Linux Server +1
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-5802 HIGH PATCH This Week

An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Libraw Enterprise Linux Desktop Enterprise Linux Server +3
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2018-17924 HIGH This Week

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules An unauthenticated, remote threat actor could send a CIP connection request to an affected device, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rockwell Micrologix 1400 Firmware 1756 Enbt Firmware 1756 Eweb Series A Firmware +13
NVD VulDB
CVSS 3.1
8.6
EPSS
0.1%
CVE-2018-7063 HIGH This Week

In Aruba ClearPass, disabled API admins can still perform read/write operations. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Aruba XXE Authentication Bypass Clearpass Policy Manager
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2018-9577 HIGH This Week

In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9576 HIGH This Week

In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9575 HIGH This Week

In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9574 HIGH This Week

In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9573 HIGH This Week

In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9570 HIGH This Week

In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption RCE Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2018-9518 HIGH PATCH This Week

In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Buffer Overflow Privilege Escalation Android +1
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-19931 HIGH PATCH This Week

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Binutils Vasa Provider Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2018-7080 HIGH This Week

A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Aruba Information Disclosure Arubaos 203Rp Firmware 203R Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2018-1883 HIGH PATCH This Week

A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API Could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Mq
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-19939 HIGH This Week

The Goodix GT9xx touchscreen driver for custom Linux kernels on Xiaomi daisy-o-oss and daisy-p-oss as used in Mi A2 Lite and RedMi6 pro devices through 2018-08-27 has a NULL pointer dereference in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mi A2 Lite Firmware Redmi 6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-19935 HIGH PATCH This Week

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service PHP Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.3%
CVE-2018-7079 HIGH This Week

Aruba ClearPass Policy Manager guest authorization failure. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass Policy Manager
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2018-7067 HIGH This Week

A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Aruba Clearpass Policy Manager
NVD
CVSS 3.0
7.2
EPSS
1.3%
CVE-2018-7065 HIGH This Week

An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Aruba Privilege Escalation Clearpass Policy Manager
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2018-1920 HIGH This Week

IBM Marketing Platform 9.1.0, 9.1.2 and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Marketing Platform
NVD
CVSS 3.0
7.1
EPSS
2.4%
CVE-2018-1424 HIGH This Week

IBM Marketing Platform 9.1.0, 9.1.2, and 10.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XXE Marketing Platform
NVD
CVSS 3.0
7.1
EPSS
2.4%
CVE-2018-19960 HIGH This Week

The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Onionshare
NVD
CVSS 3.0
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy