Skip to main content
CVE-2018-13095 MEDIUM PATCH This Month

An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Denial Of Service Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-13093 MEDIUM PATCH This Month

An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-9337 MEDIUM This Month

The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-9335 MEDIUM This Month

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-7635 MEDIUM This Month

Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-7787 MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-1113 MEDIUM This Month

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Setup Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-4856 MEDIUM This Month

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
4.9
EPSS
1.3%
CVE-2018-7776 MEDIUM This Month

The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-7764 MEDIUM This Month

The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-7763 MEDIUM This Month

The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
1.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy