Skip to main content
CVE-2018-16832 MEDIUM POC This Month

CSRF in the anti-csrf decorator in xunfeng 0.2.0 allows an attacker to modify the configuration via a Flash file because views/lib/AntiCSRF.py can overwrite the request.host value with the content of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Xunfeng
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-16831 MEDIUM POC PATCH This Month

Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Path Traversal Smarty
NVD GitHub
CVSS 3.0
5.9
EPSS
2.7%
CVE-2018-10937 MEDIUM POC PATCH This Month

A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-2457 MEDIUM This Month

Under certain conditions SAP Adaptive Server Enterprise, version 16.0, allows some privileged users to access information which would otherwise be restricted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Adaptive Server Enterprise
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1114 MEDIUM PATCH This Month

It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Undertow Virtualization Virtualization Host
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-10935 MEDIUM This Month

A flaw was found in the 389 Directory Server that allows users to cause a crash in the LDAP server using ldapsearch with server side sort. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service 389 Directory Server
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-2464 MEDIUM This Month

SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-2452 MEDIUM This Month

The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS SAP Netweaver Application Server Java
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2018-15898 MEDIUM This Month

The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Music Streamer
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-11070 MEDIUM This Month

RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Bsafe Crypto J Rsa Bsafe Ssl J
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2018-11069 MEDIUM This Month

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Bsafe Ssl J
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2018-2460 MEDIUM This Month

SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure SAP Business One
NVD
CVSS 3.0
5.9
EPSS
0.8%
CVE-2018-6975 MEDIUM This Month

The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Intelligent Hub
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6976 MEDIUM This Month

The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Apple Workspace One
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2018-11068 MEDIUM This Month

RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bsafe Ssl J
NVD
CVSS 3.1
4.6
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy