Skip to main content
CVE-2018-1000867 HIGH POC PATCH This Week

WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions*.php scripts that can result in Database Read via Blind SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Webid
NVD GitHub
CVSS 3.0
8.8
EPSS
1.5%
CVE-2018-1000858 HIGH POC This Week

GnuPG version 2.1.12 - 2.2.11 contains a Cross ite Request Forgery (CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF, Information Disclosure, DoS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla CSRF Information Disclosure Gnupg Ubuntu Linux
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2018-1000857 HIGH POC This Week

log-user-session version 0.7 and earlier contains a Directory Traversal vulnerability in Main SUID-binary /usr/local/bin/log-user-session that can result in User to root privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Path Traversal Log User Session
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2018-1000849 HIGH POC PATCH This Week

Alpine Linux version Versions prior to 2.6.10, 2.7.6, and 2.10.1 contains a Other/Unknown vulnerability in apk-tools (Alpine Linux' package manager) that can result in Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Alpine Linux
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-1000843 HIGH POC PATCH This Week

Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery (CSRF) vulnerability in API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Luigi
NVD GitHub
CVSS 3.0
8.8
EPSS
0.8%
CVE-2018-1000839 HIGH POC This Week

LH-EHR version REL-2_0_0 contains a Arbitrary File Upload vulnerability in Profile picture upload that can result in Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Librehealth Ehr
NVD GitHub
CVSS 3.0
8.8
EPSS
3.1%
CVE-2018-1000811 HIGH POC THREAT This Week

bludit version 3.0.0 contains a Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Bludit
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
47.6%
CVE-2018-1000812 HIGH POC PATCH This Week

Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure PHP Integria Ims
NVD GitHub
CVSS 3.0
8.1
EPSS
2.0%
CVE-2018-19134 HIGH POC This Week

In Artifex Ghostscript through 9.25, the setpattern operator did not properly validate certain types. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ghostscript Debian Linux Enterprise Linux Desktop Enterprise Linux Server +3
NVD
CVSS 3.0
7.8
EPSS
2.9%
CVE-2018-18629 HIGH POC This Week

An issue was discovered in the Keybase command-line client before 2.8.0-20181023124437 for Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keybase
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-1000876 HIGH POC This Week

binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Binutils Ubuntu Linux Enterprise Linux Desktop +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2018-18442 HIGH POC This Week

D-Link DCS-825L devices with firmware 1.08 do not employ a suitable mechanism to prevent denial-of-service (DoS) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcs 825L Firmware
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-18441 HIGH POC This Week

D-Link DCS series Wi-Fi cameras expose sensitive information regarding the device configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dcs 936L Firmware Dcs 942L Firmware Dcs 8000Lh Firmware +15
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-1000882 HIGH POC PATCH This Week

WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal PHP Webid
NVD GitHub
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-1000850 HIGH POC PATCH This Week

Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Retrofit
NVD GitHub
CVSS 3.0
7.5
EPSS
4.0%
CVE-2018-1000817 HIGH POC PATCH This Week

Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Asset Pipeline
NVD GitHub
CVSS 3.0
7.5
EPSS
2.5%
CVE-2018-20303 HIGH POC PATCH This Week

In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Gogs
NVD GitHub
CVSS 3.0
7.5
EPSS
3.2%
CVE-2018-18767 HIGH POC This Week

An issue was discovered in D-Link 'myDlink Baby App' version 2.04.06. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Information Disclosure D-Link Mydlink Baby Camera Monitor Dcs 825L Firmware
NVD
CVSS 3.0
7.0
EPSS
0.6%
CVE-2018-19242 HIGH This Week

Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Tew 632Brp Firmware Tew 673Gru Firmware
NVD
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-19234 HIGH This Week

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Miss Marple
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2018-1000878 HIGH PATCH This Week

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder -. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service Use After Free Libarchive Debian Linux +6
NVD GitHub
CVSS 3.1
8.8
EPSS
4.4%
CVE-2018-1000877 HIGH PATCH This Week

libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-415: Double Free vulnerability in RAR decoder -. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libarchive Debian Linux Ubuntu Linux Fedora +3
NVD GitHub
CVSS 3.1
8.8
EPSS
4.6%
CVE-2018-1000846 HIGH PATCH This Week

FreshDNS version 1.0.3 and earlier contains a Cross ite Request Forgery (CSRF) vulnerability in All (authenticated) API calls in index.php / class.manager.php that can result in Editing domains and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF PHP Freshdns
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-5199 HIGH This Week

In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Veraport G3
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2018-1661 HIGH PATCH This Week

IBM DataPower Gateways 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Datapower Gateway
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-15722 HIGH This Week

The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Harmony Hub Firmware
NVD
CVSS 3.0
8.1
EPSS
1.6%
CVE-2018-5198 HIGH This Week

In Veraport G3 ALL on MacOS, a race condition when calling the Veraport API allow remote attacker to cause arbitrary file download and execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition RCE Apple Veraport G3
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2018-1778 HIGH PATCH This Week

IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Api Connect
NVD
CVSS 3.0
8.1
EPSS
3.4%
CVE-2018-6669 HIGH This Week

A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Application Change Control
NVD
CVSS 3.0
8.0
EPSS
0.5%
CVE-2018-19005 HIGH This Week

Cscape, Version 9.80.75.3 SP3 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cscape
NVD
CVSS 3.0
7.8
EPSS
1.7%
CVE-2018-15331 HIGH This Week

On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Big Ip Application Acceleration Manager
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-19233 HIGH This Week

COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Miss Marple
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-11988 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11987 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11986 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11985 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11984 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11983 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Information Disclosure Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11965 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Mozilla Privilege Escalation Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11964 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2018-11963 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Google Mozilla +1
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11961 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11960 HIGH PATCH This Week

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Google Mozilla +2
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-5200 HIGH This Week

KMPlayer 4.2.2.15 and earlier have a Heap Based Buffer Overflow Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Kmplayer
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2018-1771 HIGH PATCH This Week

IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Buffer Overflow Domino Notes
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-20191 HIGH PATCH This Week

hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Qemu Ubuntu Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2018-19241 HIGH This Week

Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tv Ip110Wn Firmware Tv Ip121Wn Firmware
NVD
CVSS 3.0
7.5
EPSS
2.3%
CVE-2018-20216 HIGH PATCH This Week

QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Qemu Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2018-20125 HIGH PATCH This Week

hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Qemu Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2018-15330 HIGH This Week

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Local Traffic Manager Big Ip Application Acceleration Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.0
7.5
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy