Skip to main content
CVE-2018-10840 MEDIUM POC This Month

Linux kernel is vulnerable to a heap-based buffer overflow in the fs/ext4/xattr.c:ext4_xattr_set_entry() function. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Heap Overflow Linux Buffer Overflow Linux Kernel Ubuntu Linux +1
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2018-13980 MEDIUM POC This Month

The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Zeta Producer
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
6.9%
CVE-2018-13832 MEDIUM POC This Month

Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Apple All In One Favicon
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
2.0%
CVE-2018-5239 MEDIUM This Month

Norton App Lock prior to v1.3.0.332 can be susceptible to a bypass exploit. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Norton App Lock
NVD
CVSS 3.0
6.2
EPSS
0.4%
CVE-2018-0366 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Web Security Appliance
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-13387 MEDIUM This Month

The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian XSS Jira Jira Server
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-0384 MEDIUM This Month

A vulnerability in the detection engine of Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass a URL-based access control policy that is configured to block. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Secure Firewall Management Center
NVD
CVSS 3.0
5.8
EPSS
2.5%
CVE-2018-0360 MEDIUM This Month

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Clamav Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-5229 MEDIUM PATCH This Month

The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Atlassian XSS Universal Plugin Manager
NVD
CVSS 3.0
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy