Skip to main content
CVE-2018-9145 MEDIUM POC This Month

In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-9133 MEDIUM POC This Month

ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage and EncodeLabImage functions (coders/tiff.c), which results in a hang (tens of minutes) with a tiny PoC file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.3%
CVE-2018-9132 MEDIUM POC This Month

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-7203 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Twonky Server
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-9136 MEDIUM POC This Month

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file, a different vulnerability than CVE-2018-8821. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Windriver
NVD GitHub
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-3817 MEDIUM This Month

When logging warnings regarding deprecated settings, Logstash before 5.6.6 and 6.x before 6.1.2 could inadvertently log sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Logstash
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1233 MEDIUM This Month

RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Authentication Agent For Web
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-3821 MEDIUM This Month

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-3820 MEDIUM This Month

Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-3819 MEDIUM This Month

The fix in Kibana for ESA-2017-23 was incomplete. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Open Redirect Kibana
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-3818 MEDIUM This Month

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-3741 MEDIUM PATCH This Month

There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Html Sanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2018-9147 MEDIUM This Month

Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gespage
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-5799 MEDIUM This Month

In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Servicedesk Plus
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-9140 MEDIUM This Month

On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Samsung Samsung Mobile
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-9130 MEDIUM This Month

IBOS 4.4.3 has XSS via a company full name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ibos
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-1234 MEDIUM This Month

RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Agent For Web
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-9151 MEDIUM This Month

A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Internet Security 9 Plus
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-9138 MEDIUM This Month

An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.29 and 2.30. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-1390 MEDIUM PATCH This Month

IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1384 MEDIUM This Month

IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Business Process Manager Websphere Enterprise Service Bus Websphere Process Server +1
NVD
CVSS 3.0
5.4
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy