Skip to main content
CVE-2018-17581 MEDIUM POC This Month

CiffDirectory::readDirectory() at crwimage_int.cpp in Exiv2 0.26 has excessive stack consumption due to a recursive function, leading to Denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Exiv2 Debian Linux Ubuntu Linux Enterprise Linux Desktop +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.4%
CVE-2018-17571 MEDIUM POC This Month

Vanilla before 2.6.1 allows XSS via the email field of a profile. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vanilla
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17056 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ServiceStack in Progress Sitefinity CMS versions 10.2 through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sitefinity Cms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-14037 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kendo Ui
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-15365 MEDIUM POC This Month

A Reflected Cross-Site Scripting (XSS) vulnerability in Trend Micro Deep Discovery Inspector 3.85 and below could allow an attacker to bypass CSRF protection and conduct an attack on vulnerable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Trend Micro XSS CSRF Deep Discovery Inspector
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-17574 MEDIUM POC PATCH This Month

An issue was discovered in YMFE YApi 1.3.23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yapi
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-16277 MEDIUM POC This Month

The Image Import function in XWiki through 10.7 has XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-9074 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo File Upload Path Traversal Lenovoemc Firmware
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1250 MEDIUM This Month

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains an Authorization Bypass vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Emc Unity Firmware Emc Unityvsa
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-16587 MEDIUM PATCH This Month

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Open Ticket Request System Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-1246 MEDIUM This Month

Dell EMC Unity and UnityVSA contains reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Dell XSS Emc Unity Operating Environment Emc Unityvsa Operating Environment
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-11074 MEDIUM This Month

RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Authentication Manager Rsa Authentication Manager
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-9080 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo Authentication Bypass Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-6925 MEDIUM PATCH This Month

In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Freebsd
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-17155 MEDIUM PATCH This Month

In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Freebsd
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-17154 MEDIUM PATCH This Month

In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Freebsd
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1704 MEDIUM This Month

IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Open Redirect Platform Symphony Spectrum Symphony
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-11073 MEDIUM This Month

RSA Authentication Manager versions prior to 8.3 P3 contain a stored cross-site scripting vulnerability in the Operations Console. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsa Authentication Manager Authentication Manager
NVD
CVSS 3.0
4.8
EPSS
1.1%
CVE-2018-9081 MEDIUM This Month

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Lenovo XSS Storcenter Px12 450R Firmware Storcenter Px12 400R Firmware Storcenter Px4 300R Firmware +17
NVD
CVSS 3.0
4.7
EPSS
0.5%
CVE-2018-11075 MEDIUM This Month

RSA Authentication Manager versions prior to 8.3 P3 contain a reflected cross-site scripting vulnerability in a Security Console page. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF XSS Authentication Manager Rsa Authentication Manager
NVD
CVSS 3.0
4.7
EPSS
1.5%
CVE-2018-16586 MEDIUM PATCH This Month

In Open Ticket Request System (OTRS) 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Open Ticket Request System Debian Linux
NVD GitHub
CVSS 3.0
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy