Skip to main content
CVE-2018-3748 MEDIUM POC PATCH This Month

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Glance
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-3747 MEDIUM POC PATCH This Month

The public node module versions <= 1.0.3 allows to embed HTML in file names, which (in certain conditions) might lead to execute malicious JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Public Js
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-13065 MEDIUM POC This Month

ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Modsecurity
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-12255 MEDIUM POC This Month

An XSS issue was discovered in InvoicePlane 1.5.10 via the "Quote PDF Password(Optional)" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Invoiceplane
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-13121 MEDIUM POC This Month

RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Realone Player
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-13099 MEDIUM POC PATCH This Month

An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.4. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Linux Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2018-13094 MEDIUM POC PATCH This Month

An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
2.2%
CVE-2018-13106 MEDIUM POC This Month

ClipperCMS 1.3.3 has stored XSS via the "Tools -> Configuration" screen of the manager/ URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clippercms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-13122 MEDIUM This Month

onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Onefilecms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2018-8036 MEDIUM PATCH This Month

In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Pdfbox
NVD
CVSS 3.0
6.5
EPSS
4.8%
CVE-2018-7770 MEDIUM This Month

The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-4855 MEDIUM This Month

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-8870 MEDIUM This Month

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass 24950 Mycarelink Monitor Firmware 24952 Mycarelink Monitor Firmware
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2018-8868 MEDIUM This Month

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the. Rated medium severity (CVSS 6.2). No vendor patch available.

RCE 24950 Mycarelink Monitor Firmware 24952 Mycarelink Monitor Firmware
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2018-7636 MEDIUM This Month

The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-7786 MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, a cross site scripting (XSS) vulnerability exists which could allow injection of malicious scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS U Motion Builder
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-10855 MEDIUM PATCH This Month

Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ansible Engine Cloudforms Openstack Virtualization +2
NVD
CVSS 3.1
5.9
EPSS
3.1%
CVE-2018-9334 MEDIUM This Month

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Pan Os
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-9242 MEDIUM This Month

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto Pan Os
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-13100 MEDIUM This Month

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Debian Linux
NVD
CVSS 3.0
5.5
EPSS
2.4%
CVE-2018-13098 MEDIUM This Month

An issue was discovered in fs/f2fs/inode.c in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-13097 MEDIUM This Month

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-13096 MEDIUM PATCH This Month

An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Linux Linux Kernel +3
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2018-13095 MEDIUM PATCH This Month

An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Linux Denial Of Service Buffer Overflow Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-13093 MEDIUM PATCH This Month

An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-9337 MEDIUM This Month

The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-9335 MEDIUM This Month

The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Paloalto Pan Os
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-7635 MEDIUM This Month

Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Whale
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-7787 MEDIUM This Month

In Schneider Electric U.motion Builder software versions prior to v1.3.4, this vulnerability is due to improper validation of input of context parameter in HTTP GET request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure U Motion Builder
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-1113 MEDIUM This Month

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Setup Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-4856 MEDIUM This Month

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siclock Tc400 Firmware Siclock Tc100 Firmware
NVD
CVSS 3.0
4.9
EPSS
1.3%
CVE-2018-7776 MEDIUM This Month

The vulnerability exists within error.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Information Disclosure PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-7764 MEDIUM This Month

The vulnerability exists within runscript.php applet in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-7763 MEDIUM This Month

The vulnerability exists within css.inc.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric Path Traversal PHP U Motion Builder
NVD
CVSS 3.0
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy