Skip to main content
CVE-2018-13042 MEDIUM POC This Month

The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Denial Of Service 1Password
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
7.9%
CVE-2018-15428 MEDIUM This Month

A vulnerability in the implementation of Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.0
6.8
EPSS
2.0%
CVE-2018-15399 MEDIUM This Month

A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Adaptive Security Appliance Software Firepower Threat Defense
NVD
CVSS 3.1
6.8
EPSS
1.8%
CVE-2018-15397 MEDIUM This Month

A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Secure Firewall Management Center Adaptive Security Appliance Software
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2018-15396 MEDIUM This Month

A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unity Connection
NVD
CVSS 3.0
6.8
EPSS
1.8%
CVE-2018-15390 MEDIUM This Month

A vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Cisco Firepower Threat Defense
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2018-15370 MEDIUM This Month

A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Apple Ios Rom Monitor
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-15369 MEDIUM This Month

A vulnerability in the TACACS+ client subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.0
6.8
EPSS
2.1%
CVE-2018-0469 MEDIUM This Month

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.0
6.8
EPSS
3.1%
CVE-2018-15376 MEDIUM This Month

A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Apple iOS
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2018-15375 MEDIUM This Month

A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Apple iOS
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2018-15374 MEDIUM This Month

A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Jwt Attack Authentication Bypass Apple Ios Xe
NVD
CVSS 3.0
6.7
EPSS
0.2%
CVE-2018-15371 MEDIUM This Month

A vulnerability in the shell access request mechanism of Cisco IOS XE Software could allow an authenticated, local attacker to bypass authentication and gain unrestricted access to the root shell of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Ios Xe
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-15368 MEDIUM This Month

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Apple Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2018-0481 MEDIUM This Month

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2018-0477 MEDIUM This Month

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to execute commands on the underlying Linux shell of an affected device with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2018-18016 MEDIUM PATCH This Month

ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-15405 MEDIUM This Month

A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Ucs Director
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-15404 MEDIUM This Month

A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to cause a denial of service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Unified Computing System Director Integrated Management Controller Supervisor
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-15401 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Hosted Collaboration Mediation Fulfillment could allow an unauthenticated, remote attacker to conduct a cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Hosted Collaboration Mediation Fulfillment
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-0466 MEDIUM This Month

A vulnerability in the Open Shortest Path First version 3 (OSPFv3) implementation in Cisco IOS and IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-0460 MEDIUM This Month

A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to read any file on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Network Functions Virtualization Infrastructure
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-0459 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to cause an affected system to reboot or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Network Functions Virtualization Infrastructure
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-0197 MEDIUM This Month

A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple iOS Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2018-1649 MEDIUM PATCH This Month

IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

IBM Path Traversal Qradar Incident Forensics
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-15436 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Webex Business Suite 31 Webex Business Suite 32 Webex Business Suite 33 +1
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-15434 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified IP Phone 7900 Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Skinny Client Control Protocol Software
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-15406 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Ucs Director
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2018-15400 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Cloud Services Platform 2100 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0480 MEDIUM This Month

A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS). Rated medium severity (CVSS 6.1), this vulnerability is no authentication required. No vendor patch available.

Race Condition Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2018-0465 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Sf302 08Pp Firmware Sf302 08Mpp Firmware Sg300 10Pp Firmware +24
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0458 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Prime Collaboration Assurance
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-0452 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Tetration Analytics
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0450 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0444 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Packaged Contact Center Enterprise could allow an unauthenticated, remote attacker to conduct a stored XSS attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Cisco Packaged Contact Center Enterprise
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2018-1795 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0476 MEDIUM This Month

A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.0
5.9
EPSS
13.7%
CVE-2018-0414 MEDIUM This Month

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Cisco Secure Access Control Server Solution Engine
NVD
CVSS 3.0
5.7
EPSS
1.8%
CVE-2018-11797 MEDIUM PATCH This Month

In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Pdfbox Fedora Retail Xstore Point Of Service
NVD
CVSS 3.1
5.5
EPSS
4.0%
CVE-2018-15407 MEDIUM This Month

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco Hyperflex Hx Data Platform
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2018-0457 MEDIUM This Month

A vulnerability in the Cisco Webex Player for Webex Recording Format (WRF) files could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Webex Meetings Online
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-1783 MEDIUM PATCH This Month

IBM GPFS (IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2) command line utility allows an unprivileged, authenticated user with access to a GPFS node to forcefully. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1723 MEDIUM PATCH This Month

IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Spectrum Scale
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15403 MEDIUM This Month

A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Open Redirect Unified Communications Manager Unity Connection Unified Communications Manager Im And Presence Service +1
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-1812 MEDIUM PATCH This Month

IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to persistent cross-site scripting, caused by missing escaping of a database field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Robotic Process Automation With Automation Anywhere
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1686 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-15429 MEDIUM This Month

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Hyperflex Hx Data Platform
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2018-0447 MEDIUM This Month

A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Email Security Appliance
NVD
CVSS 3.0
5.3
EPSS
2.3%
CVE-2018-0462 MEDIUM This Month

A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cisco Enterprise Network Virtualization Software
NVD
CVSS 3.0
4.9
EPSS
1.5%
CVE-2018-15426 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Unity Connection
NVD
CVSS 3.0
4.8
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy