Skip to main content
CVE-2018-8308 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7,. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
6.6
EPSS
3.6%
CVE-2018-0029 MEDIUM This Month

While experiencing a broadcast storm, placing the fxp0 interface into promiscuous mode via the 'monitor traffic interface fxp0' can cause the system to crash and restart (vmcore). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-10232 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to hijack the authentication of authenticated users for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Topdesk
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2018-8305 MEDIUM This Month

An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows Calendar Windows Mail Windows People
NVD
CVSS 3.0
6.5
EPSS
7.8%
CVE-2018-8276 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Edge
NVD
CVSS 3.0
6.5
EPSS
5.3%
CVE-2018-0949 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability.". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Internet Explorer
NVD
CVSS 3.0
6.5
EPSS
11.0%
CVE-2018-10231 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Topdesk
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-13878 MEDIUM This Month

An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-8278 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Edge
NVD
CVSS 3.0
6.1
EPSS
6.4%
CVE-2018-11045 MEDIUM This Month

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Operations Manager
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-0034 MEDIUM This Month

A Denial of Service vulnerability exists in the Juniper Networks Junos OS JDHCPD daemon which allows an attacker to core the JDHCPD daemon by sending a crafted IPv6 packet to the system. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
5.9
EPSS
2.1%
CVE-2018-0031 MEDIUM This Month

Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2018-0027 MEDIUM This Month

Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
5.9
EPSS
2.4%
CVE-2018-8304 MEDIUM PATCH This Month

A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Denial of Service Vulnerability." This. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.9
EPSS
11.8%
CVE-2018-8356 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Net Framework Powershell Core Net Core +2
NVD
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-8309 MEDIUM PATCH This Month

A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-8306 MEDIUM PATCH This Month

A command injection vulnerability exists in the Microsoft Wireless Display Adapter (MWDA) when the Microsoft Wireless Display Adapter does not properly manage user input, aka "Microsoft Wireless. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Command Injection Wireless Display Adapter Firmware
NVD
CVSS 3.0
5.5
EPSS
2.9%
CVE-2018-13879 MEDIUM This Month

A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-8326 MEDIUM PATCH This Month

A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Web Customizations
NVD
CVSS 3.0
5.4
EPSS
2.4%
CVE-2018-8323 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
2.3%
CVE-2018-8299 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server Sharepoint Foundation
NVD
CVSS 3.0
5.4
EPSS
2.3%
CVE-2018-8307 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Microsoft WordPad improperly handles embedded OLE objects, aka "WordPad Security Feature Bypass Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.3
EPSS
3.4%
CVE-2018-8222 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
2.0%
CVE-2018-8314 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
4.7
EPSS
3.7%
CVE-2018-8325 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
5.7%
CVE-2018-8324 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
9.3%
CVE-2018-8297 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
9.3%
CVE-2018-8289 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
9.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy