Skip to main content
CVE-2018-11450 MEDIUM POC This Month

A reflected Cross-Site-Scripting (XSS) vulnerability has been identified in Siemens PLM Software TEAMCENTER (V9.1.2.5). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Siemens Teamcenter Product Lifecycle Management
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-13256 MEDIUM POC This Month

PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Auditor Website Project
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2018-13785 MEDIUM PATCH This Month

In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Integer Overflow Libpng Ubuntu Linux Jdk +4
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
3.7%
CVE-2018-13787 MEDIUM This Month

Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure X11Ssz Firmware X11Ssv Firmware X11Ssql Firmware X11Ssq Firmware +106
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-5001 MEDIUM PATCH This Month

Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
6.5
EPSS
13.3%
CVE-2018-5000 MEDIUM PATCH This Month

Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe Information Disclosure Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
6.5
EPSS
14.5%
CVE-2018-4999 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, and 2015.006.30394 and earlier have an Out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure RCE Buffer Overflow Acrobat +3
NVD
CVSS 3.0
6.5
EPSS
10.0%
CVE-2018-4979 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
6.5
EPSS
10.5%
CVE-2018-4972 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
6.5
EPSS
10.4%
CVE-2018-4951 MEDIUM PATCH This Month

Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Buffer Overflow Acrobat Dc Acrobat Reader Dc
NVD
CVSS 3.0
6.5
EPSS
10.4%
CVE-2018-1000611 MEDIUM PATCH This Month

SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a Cross Site Scripting (XSS) vulnerability that can result in Allows an attacker to inject arbitrary web scripts or HTML into help and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Openconext Engineblock
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-13034 MEDIUM This Month

Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via "..%f" sequences. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jester
NVD GitHub
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-1548 MEDIUM This Month

IBM API Connect 2018.1.0.0, 2018.2.1, 2018.2.2, 2018.2.3, and 2018.2.4 contains a vulnerability that could allow an authenticated user to obtain sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
4.3
EPSS
1.3%
CVE-2018-1000402 MEDIUM PATCH This Month

Jenkins project Jenkins AWS CodeDeploy Plugin version 1.19 and earlier contains a File and Directory Information Exposure vulnerability in AWSCodeDeployPublisher.java that can result in Disclosure of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Aws Codedeploy
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy