Skip to main content
CVE-2018-3657 MEDIUM PATCH This Month

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Intel RCE Buffer Overflow Simatic Field Pg M5 Firmware Simatic Ipc427E Firmware +12
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2018-12150 MEDIUM PATCH This Month

Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Intel Privilege Escalation Buffer Overflow Extreme Tuning Utility
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-16389 MEDIUM PATCH This Month

e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi PHP E107
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-16950 MEDIUM This Month

Inteno DG400 WU7U_ELION3.11.6-170614_1328 devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses, as demonstrated by macof. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dg400 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-3616 MEDIUM PATCH This Month

Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Intel Information Disclosure Converged Security Management Engine Firmware Active Management Technology Firmware Manageability Engine Firmware +11
NVD
CVSS 3.1
5.9
EPSS
2.4%
CVE-2018-12151 MEDIUM PATCH This Month

Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Denial Of Service Buffer Overflow Extreme Tuning Utility
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-12149 MEDIUM PATCH This Month

Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Intel Buffer Overflow Extreme Tuning Utility
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-7906 MEDIUM This Month

Some Huawei smart phones with software of Leland-AL00 8.0.0.114(C636), Leland-AL00A 8.0.0.171(C00) have a denial of service (DoS) vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Leland Al00 Firmware Lleland Al00A Firmware
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-16728 MEDIUM This Month

feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Feindura
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-3658 MEDIUM PATCH This Month

Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Intel Denial Of Service Simatic Field Pg M5 Firmware Simatic Ipc427E Firmware Simatic Ipc477E Firmware +11
NVD
CVSS 3.1
5.3
EPSS
3.3%
CVE-2018-12160 MEDIUM This Month

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Data Migration Software
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2018-12163 MEDIUM This Month

A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Iot Developers Kit
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-7939 MEDIUM This Month

Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei G9 Lite Firmware Honor 5A Firmware Honor 5A +2
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2018-1773 MEDIUM PATCH This Month

IBM Datacap Fastdoc Capture 9.1.1, 9.1.3, and 9.1.4 could allow an authenticated user to bypass future authentication mechanisms once the initial login is completed. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Datacap
NVD
CVSS 3.0
4.3
EPSS
1.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy