Skip to main content
CVE-2018-10057 MEDIUM POC This Month

The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Bfgminer Cgminer
NVD GitHub
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-1000198 MEDIUM PATCH This Month

A XML external entity processing vulnerability exists in Jenkins Black Duck Hub Plugin 3.1.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read permission to make. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XXE Black Duck Hub
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000196 MEDIUM This Month

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jenkins Information Disclosure Gitlab Hook
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-1000191 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Detect Plugin 1.4.0 and older in DetectPostBuildStepDescriptor.java that allows attackers with Overall/Read access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Synopsys Detect
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000190 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Black Duck Hub Plugin 4.0.0 and older in PostBuildScanDescriptor.java that allows attackers with Overall/Read access to connect to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Black Duck Hub
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000187 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Kubernetes Plugin 1.7.0 and older in ContainerExecDecorator.java that results in sensitive variables such as passwords being. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Kubernetes Jenkins Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1000186 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins GitHub Pull Request Builder Plugin 1.41.0 and older in GhprbGitHubAuth.java that allows attackers with Overall/Read access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github Pull Request Builder
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000183 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubServerConfig.java that allows attackers with Overall/Read access to connect to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Github
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1332 MEDIUM PATCH This Month

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Storm
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-1000182 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Git
NVD
CVSS 3.0
6.4
EPSS
0.8%
CVE-2018-1432 MEDIUM This Month

IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-11735 MEDIUM This Month

index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Ximdex
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1454 MEDIUM This Month

IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2018-8008 MEDIUM PATCH This Month

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Storm
NVD
CVSS 3.0
5.5
EPSS
2.4%
CVE-2018-1000200 MEDIUM PATCH This Month

The Linux Kernel versions 4.14, 4.15, and 4.16 has a null pointer dereference which can result in an out of memory (OOM) killing of large mlocked processes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-1000202 MEDIUM PATCH This Month

A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Groovy Postbuild
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1000188 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins CAS Plugin 1.4.1 and older in CasSecurityRealm.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Cas
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1000184 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Github
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-8924 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Synology Office
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-8923 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology File Station
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-10599 MEDIUM This Month

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Intellivue Mp2 Firmware Intellivue X2 Firmware Intellivue Mp30 Firmware Intellivue Mp50 Firmware +14
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-3691 MEDIUM This Month

Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. Rated medium severity (CVSS 4.7). No vendor patch available.

Intel Information Disclosure Integrated Performance Primitives Cryptography
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-1000195 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Java CSRF Jenkins SSRF Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2018-1000193 MEDIUM PATCH This Month

A improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2018-1000192 MEDIUM PATCH This Month

A information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Java Jenkins Information Disclosure Communications Cloud Native Core Automated Test Suite
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2018-1000185 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Github Branch Source
NVD
CVSS 3.0
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy