Skip to main content
CVE-2018-16225 MEDIUM POC This Month

The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Qbee Multi Sensor Camera Firmware Qbeecam Swisscom Home App
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-16954 MEDIUM POC This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle Open Redirect Webcenter Interaction
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-14641 MEDIUM POC PATCH This Month

A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.9
EPSS
2.9%
CVE-2018-16671 MEDIUM POC This Month

An issue was discovered in CIRCONTROL CirCarLife before 4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Circarlife Scada
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
8.9%
CVE-2018-16670 MEDIUM POC THREAT This Month

An issue was discovered in CIRCONTROL CirCarLife before 4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Circarlife Scada
NVD GitHub Exploit-DB
CVSS 3.0
5.3
EPSS
24.6%
CVE-2018-16668 MEDIUM POC This Month

An issue was discovered in CIRCONTROL CirCarLife before 4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Circarlife Scada
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
9.5%
CVE-2018-17178 MEDIUM POC This Month

An issue was discovered on Neato Botvac Connected 2.2.0 devices. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Botvac D4 Connected Firmware Botvac D6 Connected Firmware Botvac D5 Connected Firmware Botvac D7 Connected Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2018-16819 MEDIUM POC This Month

admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Monstra
NVD GitHub
CVSS 3.0
4.9
EPSS
1.3%
CVE-2018-7929 MEDIUM This Month

Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Mate Rs Firmware
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2018-11084 MEDIUM This Month

Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Garden Runc
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-13398 MEDIUM This Month

The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Crucible Fisheye
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-16956 MEDIUM This Month

The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Webcenter Interaction
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-15546 MEDIUM This Month

Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Prizmdoc
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16955 MEDIUM This Month

The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Webcenter Interaction
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16953 MEDIUM This Month

The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Webcenter Interaction
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-11293 MEDIUM PATCH This Month

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Google Mozilla +1
NVD
CVSS 3.0
5.7
EPSS
0.4%
CVE-2018-11280 MEDIUM PATCH This Month

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-11275 MEDIUM PATCH This Month

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Mozilla Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-16958 MEDIUM This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Webcenter Interaction
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-6693 MEDIUM This Month

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. Rated medium severity (CVSS 5.3). No vendor patch available.

Privilege Escalation Endpoint Security For Linux Threat Prevention Endpoint Security Linux Threat Prevention
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2018-17175 MEDIUM PATCH This Month

In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Marshmallow
NVD GitHub
CVSS 3.0
5.3
EPSS
1.9%
CVE-2018-14642 MEDIUM PATCH This Month

An information leak vulnerability was found in Undertow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Undertow Jboss Enterprise Application Platform
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2018-16959 MEDIUM This Month

An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Webcenter Interaction
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-7991 MEDIUM This Month

Huawei smartphones Mate10 with versions earlier before ALP-AL00B 8.0.0.110(C00) have a Factory Reset Protection (FRP) bypass vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Mate10 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy