Skip to main content
CVE-2018-1159 MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Buffer Overflow Routeros
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1158 MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1157 MEDIUM POC This Month

Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD
CVSS 3.0
6.5
EPSS
4.4%
CVE-2018-6558 MEDIUM PATCH This Month

The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Fscrypt
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-1999047 MEDIUM PATCH This Month

A improper authorization vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in UpdateCenter.java that allows attackers to cancel a Jenkins restart scheduled through the update. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-1999044 MEDIUM PATCH This Month

A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in CronTab.java that allows attackers with Overall/Read permission to have a request handling thread enter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Denial Of Service
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-15809 MEDIUM This Month

AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Accupos
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-1999045 MEDIUM PATCH This Month

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Authentication Bypass Jenkins
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1999042 MEDIUM PATCH This Month

A vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in XStream2.java that allows attackers to have Jenkins resolve a domain name when deserializing an instance of java.net.URL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Jenkins Deserialization
NVD
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-1999046 MEDIUM PATCH This Month

A exposure of sensitive information vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in Computer.java that allows attackers With Overall/Read permission to access the connection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Jenkins Information Disclosure
NVD
CVSS 3.0
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy