Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-12338

    Undocumented Factory Backdoor in ECOS System Management Appliance (aka SMA) 5.2.68 allows the vendor to extract confidential information and manipulate security relevant configurations via remote root SSH access.... Read more

    Affected Products : system_management_appliance
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 4.6

    MEDIUM
    CVE-2018-12337

    Reliance on Security Through Obscurity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to partially extract confidential configurations via user-space emulation.... Read more

    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-12336

    Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access.... Read more

    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2018-12335

    Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment.... Read more

    Affected Products : system_management_appliance
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12334

    Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack.... Read more

    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2018-12333

    Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code.... Read more

    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 4.2

    MEDIUM
    CVE-2018-12332

    Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.... Read more

    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2018-12331

    Authentication Bypass by Spoofing vulnerability in ECOS System Management Appliance (aka SMA) 5.2.68 allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment."... Read more

    Affected Products : system_management_appliance
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 8.5

    HIGH
    CVE-2018-12330

    Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware.... Read more

    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2018-12329

    Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning.... Read more

    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2018-12327

    Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether t... Read more

    Affected Products : ntp
    • Published: Jun. 20, 2018
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2018-12326

    Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redi... Read more

    Affected Products : redis vue_motion vue_pacs
    • Published: Jun. 17, 2018
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2018-12323

    An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console.... Read more

    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-12322

    There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.... Read more

    Affected Products : radare2
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12321

    There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.... Read more

    Affected Products : radare2
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2018-12320

    There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.... Read more

    Affected Products : radare2
    • Published: Jun. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2018-12319

    Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2018-12318

    Information disclosure in the SNMP settings page in ASUSTOR ADM version 3.1.1 allows attackers to obtain the SNMP password in cleartext.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-12317

    OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands as root by modifying the "name" POST parameter.... Read more

    Affected Products : data_master as-602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2018-12316

    OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to execute system commands by modifying the filename POST parameter.... Read more

    Affected Products : data_master as602t
    • Published: Dec. 04, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294273 Results