Skip to main content
CVE-2018-18556 CRITICAL POC THREAT Emergency

A privilege escalation issue was discovered in VyOS 1.1.8. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Vyos
NVD
CVSS 3.1
9.9
EPSS
15.4%
CVE-2018-18555 CRITICAL POC Act Now

A sandbox escape issue was discovered in VyOS 1.1.8. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vyos
NVD
CVSS 3.0
9.9
EPSS
1.8%
CVE-2018-20133 CRITICAL POC Act Now

ymlref allows code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Ymlref
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-20027 CRITICAL POC Act Now

The yaml_parse.load method in Pylearn2 allows code injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Pylearn2
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
CVE-2018-18249 CRITICAL POC Act Now

Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Icinga Web 2
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2018-19036 CRITICAL PATCH Act Now

An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Common Product Platform 4 Firmware Common Product Platform 6 Firmware Common Product Platform 7 Firmware Common Product Platform 7 3 Firmware
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-20173 CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
24.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy