Skip to main content
CVE-2018-10916 MEDIUM POC PATCH This Month

It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Lftp Ubuntu Linux Leap
NVD GitHub
CVSS 3.0
6.5
EPSS
4.8%
CVE-2018-14777 MEDIUM POC This Month

An issue was discovered in DataLife Engine (DLE) through 13.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Datalife Engine
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10624 MEDIUM This Month

In Johnson Controls Metasys System Versions 8.0 and prior and BCPro (BCM) all versions prior to 3.0.2, this vulnerability results from improper error handling in HTTP-based communications with the. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bcpro Metasys System
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-0391 MEDIUM This Month

A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Cisco Prime Collaboration Prime Collaboration Provisioning
NVD
CVSS 3.0
6.5
EPSS
2.7%
CVE-2018-12467 MEDIUM This Month

Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-12466 MEDIUM This Month

openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Build Service
NVD GitHub
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-1999036 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Ssh Agent
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-1999033 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Anchore Container Image Scanner Plugin 10.16 and earlier in AnchoreBuilder.java that allows attackers with Item/ExtendedRead. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Container Image Scanner
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2018-1999032 MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Agiletestware Pangolin Connector for TestRail Plugin 2.1 and earlier in GlobalConfig.java that allows attackers with Overall/Read permission to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Privilege Escalation Jenkins Pangolin Connector For Testrail
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1999031 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Meliora Testlab
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1999026 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java that allows attackers to have Jenkins send HTTP requests to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins SSRF Tracetronic Ecu Test
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-0411 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Unified Communications Manager
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0406 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Web Security Appliance
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0397 MEDIUM PATCH This Month

A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Cisco Denial Of Service Apple Advanced Malware Protection For Endpoints
NVD
CVSS 3.0
5.9
EPSS
1.5%
CVE-2018-3671 MEDIUM This Month

Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Saffron Memorybase
NVD
CVSS 3.0
5.7
EPSS
0.4%
CVE-2018-3663 MEDIUM This Month

Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Saffron Memorybase
NVD
CVSS 3.0
5.7
EPSS
0.4%
CVE-2018-1999041 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Tinfoil Security Plugin 1.6.1 and earlier in TinfoilScanRecorder.java that allows attackers with file system access to the Jenkins. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Tinfoil Security
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-14775 MEDIUM PATCH This Month

tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Openbsd
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-0408 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Sf300 08 Firmware Sf302 08 Firmware Sf302 08P Firmware +25
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-0407 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Sf300 08 Firmware Sf302 08 Firmware Sf302 08P Firmware +25
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-10894 MEDIUM PATCH This Month

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Keycloak Single Sign On
NVD
CVSS 3.0
5.4
EPSS
0.4%
CVE-2018-1999030 MEDIUM PATCH This Month

An exposure of sensitive information vulnerability exists in Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.3.1 and earlier in ArtifactoryChoiceListProvider.java,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Maven Artifact Choicelistprovider Nexus
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1999029 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Shelve Project
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-14776 MEDIUM This Month

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Passwordstate
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-1999039 MEDIUM PATCH This Month

A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Atlassian Jenkins SSRF Confluence Publisher
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-1999037 MEDIUM PATCH This Month

A data modification vulnerability exists in Jenkins Resource Disposer Plugin 0.11 and earlier in AsyncResourceDisposer.java that allows attackers to stop tracking a resource. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure Resource Disposer
NVD
CVSS 3.0
4.3
EPSS
0.8%
CVE-2018-1999038 MEDIUM PATCH This Month

A confused deputy vulnerability exists in Jenkins Publisher Over CIFS Plugin 0.10 and earlier in CifsPublisherPluginDescriptor.java that allows attackers to have Jenkins connect to an attacker. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Java Jenkins Information Disclosure Publish Over Cifs
NVD
CVSS 3.0
4.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy