Skip to main content
CVE-2018-16874 HIGH PATCH This Week

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Path Traversal Go Backports Sle Leap +2
NVD
CVSS 3.1
8.1
EPSS
5.0%
CVE-2018-16873 HIGH PATCH This Week

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Go Backports Sle Leap Linux Enterprise Server +1
NVD
CVSS 3.1
8.1
EPSS
66.3%
CVE-2018-3704 HIGH This Week

Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Parallel Studio Parallel Studio Xe
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-18097 HIGH This Week

Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Solid State Drive Toolbox
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-18093 HIGH This Week

Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Vtune Amplifier
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-20151 HIGH This Week

In WordPress before 4.9.9 and 5.x before 5.0.1, the user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Debian Linux
NVD
CVSS 3.0
7.5
EPSS
6.7%
CVE-2018-19003 HIGH This Week

GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ex2100E Firmware Ls2100E Firmware Mark Vle Firmware
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2018-16875 HIGH PATCH This Week

The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Leap
NVD
CVSS 3.0
7.5
EPSS
6.3%
CVE-2018-20156 HIGH This Week

The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress RCE PHP Wp Maintenance Mode
NVD
CVSS 3.0
7.2
EPSS
1.5%
CVE-2018-6707 HIGH This Week

Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Denial Of Service RCE Agent
NVD
CVSS 3.0
7.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy