Skip to main content
CVE-2018-18065 MEDIUM POC PATCH THREAT This Month

_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Net Snmp Debian Linux Ubuntu Linux +7
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
17.2%
CVE-2018-18064 MEDIUM POC This Month

cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Cairo
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2018-18069 MEDIUM POC THREAT This Month

process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Wpml
NVD
CVSS 3.0
6.1
EPSS
13.2%
CVE-2018-17443 MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.7%
CVE-2018-17441 MEDIUM POC PATCH This Month

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS D-Link Central Wifimanager
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.7%
CVE-2018-15903 MEDIUM POC This Month

The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Claromentis
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1749 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1741 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 does not properly limit the number or frequency of interaction which could be used to cause a denial of service, compromise program logic or other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Security Key Lifecycle Manager
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-5401 MEDIUM This Month

The Auto-Maskin DCU 210E, RP-210E, and Marine Pro Observer Android App transmit sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Rp 210E Firmware Dcu 210E Firmware Marine Pro Observer
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-1000808 MEDIUM PATCH This Month

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Python Pyopenssl Ubuntu Linux Gluster Storage +4
NVD GitHub
CVSS 3.0
5.9
EPSS
1.9%
CVE-2018-14656 MEDIUM PATCH This Month

A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

RCE Linux Linux Kernel
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-17060 MEDIUM This Month

Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Telerik Extensions For Asp Net Mvc
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2018-1743 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 discloses sensitive information to unauthorized users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-1000803 MEDIUM PATCH This Month

Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Gitea
NVD GitHub
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-17889 MEDIUM This Month

In WECON Technology Co., Ltd. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Information Disclosure Pi Studio Pi Studio Hmi
NVD
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-17977 MEDIUM This Month

The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2018-1753 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 2.6, 2.7, and 3.0 generates an error message that includes sensitive information about its environment, users, or associated data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Security Key Lifecycle Manager
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy