Skip to main content
CVE-2018-1000028 HIGH PATCH This Week

Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Linux Linux Kernel
NVD
CVSS 3.0
7.4
EPSS
1.4%
CVE-2018-1053 HIGH PATCH This Week

In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of. Rated high severity (CVSS 7.0).

Information Disclosure PostgreSQL Debian Linux Ubuntu Linux Cloudforms
NVD
CVSS 3.0
7.0
EPSS
0.5%
CVE-2018-3600 MEDIUM PATCH This Month

A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Trend Micro XXE Information Disclosure Control Manager
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-1052 MEDIUM PATCH This Month

Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PostgreSQL
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-1000029 MEDIUM This Month

mcholste Enterprise Log Search and Archive (ELSA) version revision 1205, commit 2cc17f1 and earlier contains a Cross Site Scripting (XSS) vulnerability in index view (/) that can result in . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elsa
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-1401 MEDIUM PATCH This Month

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Portal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-1298 MEDIUM PATCH This Month

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Apache Qpid Broker J
NVD
CVSS 3.0
5.9
EPSS
2.4%
CVE-2018-1000022 MEDIUM This Month

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Bitcoin Wallet
NVD GitHub
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-1000021 MEDIUM This Month

GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Git
NVD
CVSS 3.1
5.0
EPSS
1.1%
CVE-2018-1000062 MEDIUM PATCH This Month

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

File Upload XSS Wondercms
NVD GitHub
CVSS 3.0
4.4
EPSS
0.6%
CVE-2018-1368 MEDIUM PATCH This Month

IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 could allow a local user with low privileges to view report pages and perform some actions that only an admin should be performing,. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Security Guardium Database Activity Monitor
NVD
CVSS 3.0
4.4
EPSS
0.3%
CVE-2018-1000057 MEDIUM PATCH This Month

Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it provides to build processes in their build logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Credentials Binding
NVD
CVSS 3.0
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy