Skip to main content
CVE-2018-3238 MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Webcenter Sites
NVD
CVSS 3.0
6.9
EPSS
4.6%
CVE-2018-18409 MEDIUM POC This Month

A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW 1.5.0, due to received incorrect values causing incorrect computation, leading to denial of service during an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpflow Fedora +1
NVD GitHub
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-18407 MEDIUM POC This Month

A heap-based buffer over-read was discovered in the tcpreplay-edit binary of Tcpreplay 4.3.0 beta1, during the incremental checksum operation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Tcpreplay Fedora
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-3167 MEDIUM POC PATCH THREAT This Month

Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Management Pack
NVD
CVSS 3.0
5.3
EPSS
17.1%
CVE-2018-18433 MEDIUM POC This Month

An issue was discovered in DESTOON B2B 7.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Destoon B2B
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18431 MEDIUM POC This Month

An issue was discovered in DESTOON B2B 7.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Destoon B2B
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18430 MEDIUM POC This Month

An issue was discovered in DESTOON B2B 7.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Destoon B2B
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-18443 MEDIUM POC This Month

OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Openexr
NVD GitHub
CVSS 3.0
4.3
EPSS
2.1%
CVE-2018-0381 MEDIUM This Month

A vulnerability in the Cisco Aironet Series Access Points (APs) software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a denial of. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Aironet Access Points
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2018-3122 MEDIUM PATCH This Month

Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Integrations). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

Oracle Authentication Bypass Retail Open Commerce Platform
NVD
CVSS 3.0
6.8
EPSS
1.3%
CVE-2018-3211 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Java Oracle Authentication Bypass Jdk Jre
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2018-3126 MEDIUM PATCH This Month

Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Oracle Information Disclosure Retail Xstore Point Of Service
NVD
CVSS 3.0
6.6
EPSS
1.4%
CVE-2018-15438 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Prime Collaboration Assurance
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-0420 MEDIUM This Month

A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Wireless Lan Controller Software
NVD
CVSS 3.1
6.5
EPSS
4.6%
CVE-2018-3251 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +6
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-3249 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-3248 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.0
6.5
EPSS
2.4%
CVE-2018-3236 MEDIUM PATCH This Month

Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Reports). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass User Management
NVD
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-3203 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +3
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-3182 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-3166 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Cruise Fleet Management
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-3163 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Hospitality Cruise Fleet Management
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-3156 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux Debian Linux +6
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2018-3145 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +3
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-3143 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +6
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2018-3137 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +3
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-3133 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Active Iq Unified Manager Oncommand Insight +6
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2018-2887 MEDIUM PATCH This Month

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Microsoft Authentication Bypass Micros Retail J
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-3272 MEDIUM PATCH This Month

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones Virtualized NIC Driver). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Oracle Denial Of Service Solaris
NVD
CVSS 3.0
6.2
EPSS
0.5%
CVE-2018-15435 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Socialminer
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-15973 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-15972 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-15971 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-15970 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-15969 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-18372 MEDIUM This Month

A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Library Cms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-18262 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-17964 MEDIUM This Month

Aryanic HighPortal 12.5 has XSS via an Add Tags action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Highportal
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-15493 MEDIUM PATCH This Month

vBulletin 5.4.3 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Vbulletin
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-3301 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3281 MEDIUM PATCH This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-3257 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3255 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3250 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3241 MEDIUM PATCH This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-3207 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3206 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3205 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3194 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3193 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy