Skip to main content
CVE-2018-11265 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Mozilla Linux Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2018-11071 HIGH This Week

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Denial Of Service Isilon Onefs Isilonsd Edge
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-6690 HIGH This Week

Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft RCE Application Change Control
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2018-11278 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Google Mozilla +1
NVD
CVSS 3.0
7.1
EPSS
0.2%
CVE-2018-11818 HIGH PATCH This Week

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Rated high severity (CVSS 7.0).

Google Information Disclosure Linux Race Condition Mozilla +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2018-7929 MEDIUM This Month

Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Mate Rs Firmware
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2018-11084 MEDIUM This Month

Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Garden Runc
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-13398 MEDIUM This Month

The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Crucible Fisheye
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-16956 MEDIUM This Month

The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Webcenter Interaction
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-17177 LOW POC Monitor

An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Botvac D4 Connected Firmware Botvac D6 Connected Firmware Botvac D5 Connected Firmware Botvac D7 Connected Firmware +2
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2018-15546 MEDIUM This Month

Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Prizmdoc
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16955 MEDIUM This Month

The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Webcenter Interaction
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16953 MEDIUM This Month

The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Webcenter Interaction
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-11293 MEDIUM PATCH This Month

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Google Mozilla +1
NVD
CVSS 3.0
5.7
EPSS
0.4%
CVE-2018-11280 MEDIUM PATCH This Month

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-11275 MEDIUM PATCH This Month

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-16958 MEDIUM This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Webcenter Interaction
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-6693 MEDIUM This Month

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. Rated medium severity (CVSS 5.3). No vendor patch available.

Privilege Escalation Endpoint Security For Linux Threat Prevention Endpoint Security Linux Threat Prevention
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2018-17175 MEDIUM PATCH This Month

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Marshmallow
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
CVE-2018-14642 MEDIUM PATCH This Month

An information leak vulnerability was found in Undertow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Undertow Jboss Enterprise Application Platform
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2018-16959 MEDIUM This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Webcenter Interaction
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-7991 MEDIUM This Month

Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Mate10 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy