Skip to main content
CVE-2018-17230 MEDIUM POC This Month

Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-17229 MEDIUM POC This Month

Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Exiv2
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-16607 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Audit
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-3826 MEDIUM This Month

In Elasticsearch versions 6.0.0-beta1 to 6.2.4 a disclosure flaw was found in the _snapshot API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-1782 MEDIUM This Month

IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap,. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2018-14792 MEDIUM This Month

WECON PLC Editor version 1.3.3U may allow an attacker to execute code under the current process when processing project files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Plc Editor
NVD
CVSS 3.0
6.3
EPSS
1.3%
CVE-2018-3830 MEDIUM This Month

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XSS Kibana Openshift Container Platform
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2018-3824 MEDIUM PATCH This Month

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elasticsearch X Pack Kibana X Pack Logstash X Pack
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-3825 MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 a default master encryption key is used in the process of granting ZooKeeper access to Elasticsearch clusters. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Information Disclosure Elastic Cloud Enterprise
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2018-11762 MEDIUM PATCH This Month

In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Path Traversal Tika
NVD
CVSS 3.0
5.9
EPSS
5.4%
CVE-2018-8017 MEDIUM PATCH This Month

In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apache Tika
NVD
CVSS 3.0
5.5
EPSS
2.5%
CVE-2018-3574 MEDIUM PATCH This Month

In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Mozilla Information Disclosure Linux Android
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-3823 MEDIUM This Month

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Elasticsearch X Pack Kibana X Pack Logstash X Pack
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2018-3829 MEDIUM This Month

In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Elastic Authentication Bypass Elastic Cloud Enterprise
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2018-17206 MEDIUM PATCH This Month

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Openvswitch Openstack Ubuntu Linux +1
NVD GitHub
CVSS 3.1
4.9
EPSS
2.0%
CVE-2018-8889 MEDIUM This Month

A directory traversal vulnerability in the Connect Service of the BlackBerry Enterprise Mobility Server (BEMS) 2.8.17.29 and earlier could allow an attacker to retrieve arbitrary files in the context. Rated medium severity (CVSS 4.7). No vendor patch available.

Path Traversal Enterprise Mobility Server
NVD
CVSS 3.0
4.7
EPSS
0.5%
CVE-2018-17204 MEDIUM PATCH This Month

An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Openvswitch Openstack Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy