Skip to main content
CVE-2018-20618 HIGH POC This Week

ok-file-formats through 2018-10-16 has a heap-based buffer over-read in the ok_mo_decode2 function in ok_mo.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Ok File Formats
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2018-20617 HIGH POC This Week

ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_csv_decode2 function in ok_csv.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ok File Formats
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-20616 HIGH POC This Week

ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ok File Formats
NVD GitHub
CVSS 3.0
8.8
EPSS
1.1%
CVE-2018-6336 HIGH POC This Week

An issue was discovered in osquery. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Osquery
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-6344 HIGH POC This Week

A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Microsoft Heap Overflow Denial Of Service Google +2
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2018-6340 HIGH PATCH This Week

The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Buffer Overflow Hhvm
NVD GitHub
CVSS 3.1
8.1
EPSS
1.4%
CVE-2018-18601 HIGH This Week

The TK_set_deviceModel_req_handle function in the cloud communication component in Guardzilla GZ621W devices with firmware 0.5.1.4 has a Buffer Overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Gz621W Firmware
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2018-18600 HIGH This Week

The remote upgrade feature in Guardzilla GZ180 devices allow command injection via a crafted new firmware version parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection 180 Outdoor Firmware 180 Indoor Firmware
NVD
CVSS 3.1
8.1
EPSS
1.6%
CVE-2018-6668 HIGH This Week

A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Application Change Control
NVD
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-6347 HIGH PATCH This Week

An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Proxygen
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-6346 HIGH PATCH This Week

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Proxygen
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2018-6343 HIGH PATCH This Week

Proxygen fails to validate that a secondary auth manager is set before dereferencing it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Proxygen
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2018-6337 HIGH PATCH This Week

folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Folly Hhvm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2018-6335 HIGH PATCH This Week

A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Hhvm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2018-18593 HIGH This Week

Remote Directory Traversal and Remote Disclosure of Privileged Information in UCMDB Configuration Management Service, version 10.22, 10.22 CUP1, 10.22 CUP2, 10.22 CUP3, 10.22 CUP4, 10.22 CUP5, 10.22. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ucmdb Configuration Manager
NVD
CVSS 3.0
7.5
EPSS
6.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy