Skip to main content
CVE-2018-5333 MEDIUM POC PATCH This Month

In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Debian Linux +1
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
7.7%
CVE-2018-5189 HIGH POC This Week

Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Windriver
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-5332 HIGH PATCH This Week

In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Linux Buffer Overflow Linux Kernel Debian Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-5336 HIGH This Week

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-5335 MEDIUM This Month

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-5334 MEDIUM This Month

In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-1361 MEDIUM PATCH This Month

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-0118 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.0
6.1
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy