Skip to main content
CVE-2018-20325 CRITICAL POC Act Now

There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Python Definitions
NVD GitHub
CVSS 3.0
9.8
EPSS
3.4%
CVE-2018-19323 CRITICAL POC KEV THREAT Act Now

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes functionality to read and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aorus Graphics Engine Gigabyte App Center Oc Guru Ii Xtreme Gaming Engine
NVD
CVSS 3.1
9.8
EPSS
8.5%
CVE-2018-20318 CRITICAL POC Act Now

An issue was discovered in weixin-java-tools v3.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Wxjava
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-20193 HIGH POC This Week

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ivanti Juniper Secure Access Series Ssl Vpn Sa 4000
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-20337 HIGH POC This Week

There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libraw
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-20346 HIGH POC PATCH This Week

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Integer Overflow RCE Buffer Overflow Sqlite Chrome +3
NVD GitHub
CVSS 3.0
8.1
EPSS
9.7%
CVE-2018-19322 HIGH POC KEV THREAT This Week

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aorus Graphics Engine App Center Oc Guru Ii Xtreme Gaming Engine
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2018-19321 HIGH POC KEV THREAT This Week

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aorus Graphics Engine App Center Oc Guru Ii Xtreme Gaming Engine
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2018-19320 HIGH POC KEV THREAT This Week

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aorus Graphics Engine App Center Oc Guru Ii Xtreme Gaming Engine
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2018-20332 HIGH POC PATCH This Week

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Openwebif
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-20342 MEDIUM POC This Month

The Floureon IP Camera SP012 provides a root terminal on a UART serial interface without proper access control. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sp012
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2018-16778 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jenzabar
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-18009 CRITICAL Act Now

dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 140L Firmware Dir 640L Firmware
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2018-18008 CRITICAL Act Now

spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dsl 2770L Firmware Dir 140L Firmware Dir 640L Firmware +4
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-18007 CRITICAL Act Now

atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dsl 2770L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-20338 CRITICAL Act Now

Zoho ManageEngine OpManager 12.3 before build 123239 allows SQL injection in the Alarms section. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zoho Manageengine Opmanager
NVD
CVSS 3.0
9.8
EPSS
11.5%
CVE-2018-20330 HIGH PATCH This Week

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libjpeg Turbo
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-20329 HIGH PATCH This Week

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Chamilo Lms
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-5202 HIGH This Week

SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Skcertservice
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-5196 HIGH This Week

Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Alzip
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-18332 HIGH This Week

A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18331 HIGH PATCH This Week

A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-20226 HIGH PATCH This Week

An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cortex
NVD GitHub
CVSS 3.0
7.2
EPSS
1.7%
CVE-2018-18330 MEDIUM This Month

An Address Bar Spoofing vulnerability in Trend Micro Dr. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Trend Micro Information Disclosure Dr Safety
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-20322 MEDIUM PATCH This Month

LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS RCE Limesurvey
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-20339 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-5201 MEDIUM PATCH This Month

Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft Denial Of Service Buffer Overflow Hancom Office 2010 +3
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-20328 MEDIUM PATCH This Month

Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Chamilo Lms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-20327 MEDIUM PATCH This Month

Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo Lms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-20345 MEDIUM This Month

Incorrect access control in StackStorm API (st2api) in StackStorm before 2.9.2 and 2.10.x before 2.10.1 allows an attacker (who has a StackStorm account and is authenticated against the StackStorm. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Stackstorm
NVD
CVSS 3.0
5.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy