Skip to main content
CVE-2018-0604 HIGH This Week

Pixelpost v1.7.3 and earlier allows remote code execution via unspecified vectors. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Pixelpost
NVD
CVSS 3.0
7.2
EPSS
1.8%
CVE-2018-11053 MEDIUM PATCH This Month

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Dell Information Disclosure Emc Idrac Service Module
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2018-1374 MEDIUM This Month

An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Websphere Mq
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-1000609 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins Configuration as Code Plugin 0.7-alpha and earlier in ConfigurationAsCode.java that allows attackers with Overall/Read access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Configuration As Code
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000607 MEDIUM PATCH This Month

A arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and earlier in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Fortify Cloudscan
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1000606 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins URLTrigger Plugin 0.41 and earlier in URLTrigger.java that allows attackers with Overall/Read access to cause Jenkins to send a GET. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Urltrigger
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-1000601 MEDIUM PATCH This Month

A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Ssh Credentials
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-12884 MEDIUM This Month

In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Octopus Deploy
NVD GitHub
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-0567 MEDIUM This Month

Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Office
NVD
CVSS 3.0
6.3
EPSS
0.8%
CVE-2018-12711 MEDIUM This Month

An XSS issue was discovered in the language switcher module in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-1000528 MEDIUM PATCH This Month

GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Debian Linux Gosa
NVD GitHub
CVSS 3.0
6.1
EPSS
46.3%
CVE-2018-1000516 MEDIUM PATCH This Month

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Galaxy
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-0612 MEDIUM This Month

Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 5000 Trillion Yen Converter
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-0605 MEDIUM This Month

Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pixelpost
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0603 MEDIUM This Month

Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Site Reviews
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-0602 MEDIUM This Month

Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Email Subscribers Newsletters
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-0574 MEDIUM This Month

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Basercms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0565 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Office
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0559 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailwise
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0558 MEDIUM This Month

Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailwise
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0557 MEDIUM This Month

Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailwise
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0527 MEDIUM This Month

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Office
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-1000602 MEDIUM PATCH This Month

A session fixation vulnerability exists in Jenkins SAML Plugin 1.0.6 and earlier in SamlSecurityRealm.java that allows unauthorized attackers to impersonate another users if they can control the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Session Fixation Jenkins Authentication Bypass Saml
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-1000205 MEDIUM PATCH This Month

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass U Boot
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2018-1000604 MEDIUM PATCH This Month

A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins XSS Badge
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-0570 MEDIUM This Month

Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote authenticated attackers to inject arbitrary web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Basercms
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1000549 MEDIUM This Month

Wekan version 1.04.0 contains a Email / Username Enumeration vulnerability in Register' and 'Forgot your password?' pages that can result in A remote attacker could perform a brute force attack to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wekan
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-1000547 MEDIUM This Month

coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Corebos
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2018-1000539 MEDIUM PATCH This Month

Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Json Jwt
NVD GitHub
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-1000204 MEDIUM PATCH This Month

Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Linux Linux Kernel Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
CVE-2018-0575 MEDIUM This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction in mail form to view a file which is uploaded by a site. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Basercms
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-0573 MEDIUM PATCH This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Basercms
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-4861 MEDIUM This Month

A vulnerability has been identified in SCALANCE M875 (All versions). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Siemens Path Traversal Scalance M875 Firmware
NVD
CVSS 3.0
4.9
EPSS
1.9%
CVE-2018-11448 MEDIUM This Month

A vulnerability has been identified in SCALANCE M875 (All versions). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF XSS Siemens Scalance M875 Firmware
NVD
CVSS 3.0
4.8
EPSS
0.3%
CVE-2018-1000532 MEDIUM This Month

beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by. Rated medium severity (CVSS 4.7). No vendor patch available.

Path Traversal Beep
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-1000503 MEDIUM This Month

MyBB Group MyBB contains a Incorrect Access Control vulnerability in Private forums that can result in Users can view posts from private forums without having the password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Mybb
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-0571 MEDIUM PATCH This Month

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers with a site operator privilege to upload arbitrary files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Basercms
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-0566 MEDIUM This Month

Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Office
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2018-0529 MEDIUM This Month

Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Office
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-0528 MEDIUM This Month

Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
4.3
EPSS
0.9%
CVE-2018-0526 MEDIUM This Month

Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
4.3
EPSS
1.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy