Skip to main content
CVE-2018-10801 MEDIUM POC This Month

TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libtiff
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-10799 MEDIUM POC This Month

A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-10798 MEDIUM POC This Month

A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-10806 MEDIUM POC This Month

An issue was discovered in Frog CMS 0.9.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Frogcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2018-1000176 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Email Extension
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000175 MEDIUM PATCH This Month

A path traversal vulnerability exists in Jenkins HTML Publisher Plugin 1.15 and older in HtmlPublisherTarget.java that allows attackers able to configure the HTML Publisher build step to override. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Path Traversal Html Publisher
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-10805 MEDIUM PATCH This Month

ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-10804 MEDIUM This Month

ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage in coders/tiff.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-1000174 MEDIUM PATCH This Month

An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Java Jenkins Open Redirect Google Login
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-1248 MEDIUM This Month

RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Authentication Manager
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-1000173 MEDIUM PATCH This Month

A session fixaction vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows unauthorized attackers to impersonate another user if they can. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Jenkins Java Google Authentication Bypass +1
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-6921 MEDIUM This Month

In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6920 MEDIUM This Month

In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Freebsd
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6511 MEDIUM This Month

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Puppet Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-6510 MEDIUM This Month

A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Puppet Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2018-1000177 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins S3 Plugin 0.10.12 and older in src/main/resources/hudson/plugins/s3/S3ArtifactsProjectAction/jobMain.jelly that allows attackers able to control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS S3 Publisher
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10812 MEDIUM This Month

The Bitpie application through 3.2.4 for Android and iOS uses cleartext storage for digital currency initial keys, which allows local users to steal currency by leveraging root access to read. Rated medium severity (CVSS 4.1). No vendor patch available.

Google Information Disclosure Apple Bitcoin Wallet
NVD GitHub
CVSS 3.0
4.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy