Skip to main content
CVE-2018-20193 HIGH POC This Week

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ivanti Juniper Secure Access Series Ssl Vpn Sa 4000
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-20337 HIGH POC This Week

There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libraw
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-20346 HIGH POC PATCH This Week

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Integer Overflow RCE Buffer Overflow Sqlite Chrome +3
NVD GitHub
CVSS 3.0
8.1
EPSS
9.7%
CVE-2018-19322 HIGH POC KEV THREAT This Week

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aorus Graphics Engine App Center Oc Guru Ii Xtreme Gaming Engine
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2018-19321 HIGH POC KEV THREAT This Week

The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 expose functionality to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aorus Graphics Engine App Center Oc Guru Ii Xtreme Gaming Engine
NVD
CVSS 3.1
7.8
EPSS
3.7%
CVE-2018-19320 HIGH POC KEV THREAT This Week

The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aorus Graphics Engine App Center Oc Guru Ii Xtreme Gaming Engine
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2018-20332 HIGH POC PATCH This Week

An issue has been discovered in the OpenWebif plugin through 1.2.4 for Enigma2 based devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Openwebif
NVD GitHub
CVSS 3.0
7.5
EPSS
2.2%
CVE-2018-20330 HIGH PATCH This Week

The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Libjpeg Turbo
NVD GitHub
CVSS 3.0
8.8
EPSS
2.0%
CVE-2018-20329 HIGH PATCH This Week

Chamilo LMS version 1.11.8 contains a main/inc/lib/CoursesAndSessionsCatalog.class.php SQL injection, allowing users with access to the sessions catalogue (which may optionally be made public) to. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP Chamilo Lms
NVD GitHub
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-5202 HIGH This Week

SKCertService 2.5.5 and earlier contains a vulnerability that could allow remote attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Skcertservice
NVD
CVSS 3.0
7.8
EPSS
1.5%
CVE-2018-5196 HIGH This Week

Alzip 10.76.0.0 and earlier is vulnerable to a stack overflow caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Alzip
NVD
CVSS 3.0
7.8
EPSS
1.4%
CVE-2018-18332 HIGH This Week

A Trend Micro OfficeScan XG weak file permissions vulnerability may allow an attacker to potentially manipulate permissions on some key files to modify other files and folders on vulnerable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-18331 HIGH PATCH This Week

A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Trend Micro Information Disclosure Officescan
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-20226 HIGH PATCH This Week

An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cortex
NVD GitHub
CVSS 3.0
7.2
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy