Skip to main content
CVE-2018-19036 CRITICAL PATCH Act Now

An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Common Product Platform 4 Firmware Common Product Platform 6 Firmware Common Product Platform 7 Firmware Common Product Platform 7 3 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-20173 CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
24.5%
CVE-2018-19976 MEDIUM POC This Month

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yara
NVD GitHub
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-19975 MEDIUM POC This Month

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Yara
NVD GitHub
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-19974 MEDIUM POC This Month

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yara
NVD GitHub
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-18247 MEDIUM POC This Month

Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icinga Web 2
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-18245 MEDIUM POC This Month

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Core Debian Linux
NVD
CVSS 3.0
5.4
EPSS
2.6%
CVE-2018-20185 MEDIUM POC PATCH This Month

In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Graphicsmagick Debian Linux +1
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2018-20170 MEDIUM POC PATCH This Month

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keystone
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-14853 MEDIUM POC This Month

A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Null Pointer Dereference Denial Of Service Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
4.3
EPSS
0.9%
CVE-2018-19295 HIGH PATCH This Week

Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-7833 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicom M340 Firmware Modicom Premium Firmware Modicom Quantum Firmware Modicom Bmxnor0200H Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-20092 HIGH This Week

PTC ThingWorx Platform through 8.3.0 is vulnerable to a directory traversal attack on ZIP files via a POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Thingworx Platform
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-16596 HIGH This Week

A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption RCE Buffer Overflow Internet Box Standard Firmware Internet Box Light Firmware +2
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2018-20169 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 4.19.9. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2018-7804 MEDIUM This Month

A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Modicom M340 Firmware Modicom Premium Firmware Modicom Quantum Firmware Modicom Bmxnor0200H Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-7797 MEDIUM This Month

A URL redirection vulnerability exists in Power Monitoring Expert, Energy Expert (formerly Power Manager) - EcoStruxure Power Monitoring Expert (PME) v8.2 (all editions), EcoStruxure Energy Expert. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ecostruxure Energy Expert Ecostruxure Power Monitoring Expert Ecostruxure Power Scada Operation
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-20123 MEDIUM PATCH This Month

pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Qemu Ubuntu Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-20168 MEDIUM PATCH This Month

Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service ("physical address not valid". Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Denial Of Service Gvisor
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1891 MEDIUM This Month

IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1889 MEDIUM This Month

IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Security Guardium
NVD
CVSS 3.0
5.4
EPSS
1.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy