Skip to main content
CVE-2018-20618 HIGH POC This Week

ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Ok File Formats
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2018-20617 HIGH POC This Week

ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ok File Formats
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-20616 HIGH POC This Week

ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ok File Formats
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-6336 HIGH POC This Week

An issue was discovered in osquery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Osquery
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-6344 HIGH POC This Week

A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Heap Overflow Denial Of Service Google +2
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-19904 MEDIUM POC This Month

Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page "body" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xsltcms Org
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-19903 MEDIUM POC This Month

Persistent XSS exists in XSLT CMS via the create/?action=items.edit&type=Page title field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xsltcms Org
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-6333 CRITICAL PATCH Act Now

The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS RCE Nuclide
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2018-6331 CRITICAL PATCH Act Now

Buck parser-cache command loads/saves state using Java serialized object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Deserialization RCE Buck
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2018-6342 CRITICAL PATCH Act Now

react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Command Injection React Dev Utils
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2018-6334 CRITICAL PATCH Act Now

Multipart-file uploads call variables to be improperly registered in the global scope. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Hhvm
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-18602 CRITICAL Act Now

The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 360 Outdoor Firmware 180 Outdoor Firmware 360 Indoor Firmware 180 Indoor Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2018-17191 CRITICAL Act Now

Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Netbeans
NVD
CVSS 3.0
9.8
EPSS
7.8%
CVE-2018-20623 MEDIUM POC This Month

In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Binutils
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2018-19918 MEDIUM POC This Month

CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-19906 MEDIUM POC This Month

Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-19905 MEDIUM POC This Month

HTML injection exists in razorCMS 3.4.8 via the /#/page keywords parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Razorcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-19845 MEDIUM POC This Month

There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Getsimple Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-19902 MEDIUM POC This Month

No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article "keyword" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS No Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19901 MEDIUM POC This Month

No-CMS 1.1.3 is prone to Persistent XSS via the blog/manage_article/index/ "article_title" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS No Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19844 MEDIUM POC This Month

FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frogcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-6340 HIGH PATCH This Week

The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Buffer Overflow Hhvm
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2018-18601 HIGH This Week

The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Gz621W Firmware
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2018-18600 HIGH This Week

The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection 180 Outdoor Firmware 180 Indoor Firmware
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2018-6668 HIGH This Week

A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Application Change Control
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6347 HIGH PATCH This Week

An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Proxygen
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-6346 HIGH PATCH This Week

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Proxygen
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-6343 HIGH PATCH This Week

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Proxygen
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2018-6337 HIGH PATCH This Week

folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Folly Hhvm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-6335 HIGH PATCH This Week

A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Hhvm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2018-18593 HIGH This Week

Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ucmdb Configuration Manager
NVD
CVSS 3.0
7.5
EPSS
6.6%
CVE-2018-19937 MEDIUM PATCH This Month

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apple Vlc For Mobile
NVD GitHub
CVSS 3.1
6.6
EPSS
0.3%
CVE-2018-20622 MEDIUM This Month

JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jasper Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
2.9%
CVE-2018-6341 MEDIUM PATCH This Month

React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS React
NVD
CVSS 3.1
6.1
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy