Skip to main content
CVE-2018-5772 MEDIUM POC This Month

In Exiv2 0.26, there is a segmentation fault caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function in the image.cpp file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-2634 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +13
NVD
CVSS 3.1
6.8
EPSS
4.5%
CVE-2018-2583 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL
NVD
CVSS 3.0
6.8
EPSS
3.0%
CVE-2018-0115 MEDIUM This Month

A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Staros
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-0088 MEDIUM This Month

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service RCE Apple Industrial Ethernet 4010 Series Firmware
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-2717 MEDIUM PATCH This Month

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SPARC Platform). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Oracle Authentication Bypass Solaris
NVD
CVSS 3.0
6.6
EPSS
0.5%
CVE-2018-2715 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: BI Platform Security). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-2703 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-2702 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Strategic Sourcing). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Scm Strategic Sourcing
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-2695 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-2671 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Scm Purchasing
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-2668 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL MariaDB Debian Linux +12
NVD
CVSS 3.1
6.5
EPSS
4.0%
CVE-2018-2665 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL MariaDB Debian Linux +12
NVD
CVSS 3.1
6.5
EPSS
4.0%
CVE-2018-2642 MEDIUM PATCH This Month

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: File Upload). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service File Upload Argus Safety
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-2640 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL MariaDB Debian Linux +12
NVD
CVSS 3.1
6.5
EPSS
4.0%
CVE-2018-2622 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL MariaDB Debian Linux +12
NVD
CVSS 3.1
6.5
EPSS
4.0%
CVE-2018-2619 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Security). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Simphony
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-2612 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL MariaDB Active Iq Unified Manager +5
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2018-2605 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-2582 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Jdk Jre +11
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2018-2573 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL
NVD
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-2730 MEDIUM PATCH This Month

Vulnerability in the Oracle Retail Merchandising System component of Oracle Retail Applications (subcomponent: Cross Pillar). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Retail Merchandising System
NVD
CVSS 3.0
6.4
EPSS
0.6%
CVE-2018-2643 MEDIUM PATCH This Month

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Case Selection). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Argus Safety
NVD
CVSS 3.0
6.4
EPSS
0.7%
CVE-2018-2570 MEDIUM PATCH This Month

Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcomponent: Portal). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Communications Unified Inventory Management
NVD
CVSS 3.0
6.3
EPSS
1.1%
CVE-2018-2606 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Hospitality Guest Access
NVD
CVSS 3.0
6.2
EPSS
0.4%
CVE-2018-5776 MEDIUM PATCH This Month

WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS
NVD GitHub
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-5773 MEDIUM PATCH This Month

An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Python Python Markdown2
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0098 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Wap361 Firmware Wap150 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0097 MEDIUM This Month

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Prime Infrastructure
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-0093 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Web Security Appliance
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-0091 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Identity Services Engine
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-2732 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Analytical Applications Reconciliation Framework
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2018-2728 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Funds Transfer Pricing
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-2722 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Price Creation and Discovery component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Price Creation And Discovery
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2719 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Hedge Management And Ifrs Valuations
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2716 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Market Risk Measurement and Management component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Market Risk Measurement And Management
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2714 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Market Risk component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Market Risk
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2712 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Loan Loss Forecasting And Provisioning
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2699 MEDIUM PATCH This Month

Vulnerability in the Application Express component of Oracle Database Server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2692 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Asset Liability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Asset Liability Management
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2682 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Liquidity Risk Management
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2674 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Logoff). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Flexcube Direct Banking
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2670 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Profitability Management component of Oracle Financial Services Applications (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Profitability Management
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2669 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hospitality Reporting And Analytics
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-2661 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Applications (subcomponent: Core). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Financial Services Analytical Applications Infrastructure
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-2659 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-2658 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-2654 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Company Dir / Org Chart Viewer). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Human Capital Management Human Resources
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-2644 MEDIUM PATCH This Month

Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Worklist). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Argus Safety
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-2641 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +13
NVD
CVSS 3.1
6.1
EPSS
5.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy