Skip to main content
CVE-2018-15907 MEDIUM POC This Month

Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tc8305C Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-16134 MEDIUM POC This Month

Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cybrohttpserver
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
4.0%
CVE-2018-15562 MEDIUM POC This Month

CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Isweb
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-16133 MEDIUM POC THREAT This Month

Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cybrohttpserver
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
39.3%
CVE-2018-6597 MEDIUM This Month

The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation A30 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-8004 MEDIUM PATCH This Month

There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server (ATS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Apache Information Disclosure Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
6.3%
CVE-2018-12806 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
3.9%
CVE-2018-12240 MEDIUM This Month

The Norton Identity Safe product prior to 5.3.0.976 may be susceptible to a privilege escalation issue via a hard coded IV, which is a type of vulnerability that can potentially increase the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Privilege Escalation Norton Password Manager
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2018-12824 MEDIUM PATCH This Month

Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Adobe Information Disclosure Buffer Overflow Flash Player Desktop Runtime Flash Player +3
NVD
CVSS 3.0
5.9
EPSS
10.9%
CVE-2018-6599 MEDIUM This Month

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Wonder Rc555L Firmware
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-15746 MEDIUM PATCH This Month

qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-16062 MEDIUM This Month

dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Elfutils Debian Linux +5
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2018-7795 MEDIUM This Month

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic (PM5560 prior to FW version 2.5.4) product. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Schneider Electric XSS Java Powerlogic Pm5560 Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2018-15880 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-8040 MEDIUM PATCH This Month

Pages that are rendered using the ESI plugin can have access to the cookie header when the plugin is configured not to allow access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Information Disclosure Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
8.6%
CVE-2018-8005 MEDIUM This Month

When there are multiple ranges in a range request, Apache Traffic Server (ATS) will read the entire object from cache. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Traffic Server Debian Linux
NVD GitHub
CVSS 3.0
5.3
EPSS
6.9%
CVE-2018-12807 MEDIUM This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have an input validation bypass vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adobe Experience Manager
NVD
CVSS 3.0
5.3
EPSS
4.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy