Skip to main content
CVE-2018-10943 HIGH PATCH This Week

An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Clickshare Cse 200 Firmware Clickshare Cs 100 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1128 HIGH PATCH This Week

It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure Ceph Storage Ceph Storage Mon Ceph Storage Osd Enterprise Linux +6
NVD GitHub
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-10891 HIGH PATCH This Week

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle
NVD
CVSS 3.1
7.3
EPSS
2.1%
CVE-2018-1492 MEDIUM This Month

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Session Fixation IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Team Concert +5
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-3632 MEDIUM This Month

Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Memory Corruption Buffer Overflow Active Management Technology Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2018-3629 MEDIUM This Month

Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Buffer Overflow Active Management Technology Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2018-1423 MEDIUM This Month

IBM Jazz Foundation products could disclose sensitive information to an authenticated attacker that could be used in further attacks against the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Team Concert Rational Doors Next Generation +4
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-1129 MEDIUM PATCH This Month

A flaw was found in the way signature calculation was handled by cephx authentication protocol. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Ceph Storage Ceph Storage Mon Ceph Storage Osd Enterprise Linux +6
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-10888 MEDIUM PATCH This Month

A flaw was found in libgit2 before version 0.27.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libgit2 Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-12462 MEDIUM This Month

NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Imanager
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-2435 MEDIUM This Month

SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-2431 MEDIUM PATCH This Month

SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-2439 MEDIUM This Month

The SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, has insufficient request validation (for example, where the request is validated for authenticity and validity) and under. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service SAP Internet Graphics Server
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-3693 MEDIUM PATCH This Month

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer. Rated medium severity (CVSS 5.6).

Buffer Overflow Atom C Atom E Atom X3 Atom Z +221
NVD
CVSS 3.1
5.6
EPSS
8.4%
CVE-2018-10872 MEDIUM PATCH This Month

A flaw was found in the way the Linux kernel handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Red Hat Privilege Escalation Linux Enterprise Linux Enterprise Linux Desktop +2
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-2432 MEDIUM PATCH This Month

SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions 4.10, 4.20 and 4.30 allow an attacker to include invalidated data in the HTTP response header sent to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SAP Businessobjects Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-1549 MEDIUM PATCH This Month

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1523 MEDIUM PATCH This Month

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1396 MEDIUM PATCH This Month

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Quality Manager
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1521 MEDIUM PATCH This Month

IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Team Concert
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-1408 MEDIUM PATCH This Month

IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Team Concert
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1407 MEDIUM PATCH This Month

IBM Rational Team Concert 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Rational Team Concert
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-13388 MEDIUM PATCH This Month

The review attachment resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Atlassian XSS Crucible Fisheye
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-10890 MEDIUM PATCH This Month

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 3.0
5.3
EPSS
2.1%
CVE-2018-10889 MEDIUM PATCH This Month

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Moodle
NVD
CVSS 3.0
5.3
EPSS
2.1%
CVE-2018-13389 MEDIUM PATCH This Month

The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Mozilla Atlassian Information Disclosure Confluence
NVD
CVSS 3.0
4.7
EPSS
1.0%
CVE-2018-3619 MEDIUM This Month

Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Core I7 Core I5 Core I3 +14
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2018-1116 MEDIUM PATCH This Month

A flaw was found in polkit before version 0.116. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Authentication Bypass Information Disclosure Debian Linux Ubuntu Linux Polkit
NVD
CVSS 3.1
4.4
EPSS
1.2%
CVE-2018-2440 MEDIUM This Month

Under certain circumstances SAP Dynamic Authorization Management (DAM) by NextLabs (Java Policy Controller versions 7.7 and 8.5) exposes sensitive information in the application logs. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure SAP Dynamic Authorization Management
NVD
CVSS 3.0
4.4
EPSS
0.3%
CVE-2018-2434 MEDIUM This Month

A content spoofing vulnerability in the following components allows to render html pages containing arbitrary plain text content, which might fool an end user: UI add-on for SAP NetWeaver (UI_Infra,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Ui Infra User Interface Technology
NVD
CVSS 3.0
4.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy