Skip to main content
CVE-2018-9445 MEDIUM POC PATCH This Month

In readMetadata of Utils.cpp, there is a possible path traversal bug due to a confused deputy. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Privilege Escalation Path Traversal Android
NVD Exploit-DB
CVSS 3.0
6.8
EPSS
0.8%
CVE-2018-16474 MEDIUM POC This Month

A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tianma Static
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16473 MEDIUM POC This Month

A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Takeapeek
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2018-1694 MEDIUM PATCH This Month

IBM Jazz applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-9454 MEDIUM This Month

In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9453 MEDIUM PATCH This Month

In avdt_msg_prs_cfg of avdt_msg.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9451 MEDIUM PATCH This Month

In DynamicRefTable::load of ResourceTypes.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9444 MEDIUM This Month

In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-9437 MEDIUM PATCH This Month

In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Denial Of Service Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-17184 MEDIUM PATCH This Month

A malicious user with enough administration entitlements can inject html-like elements containing JavaScript statements into Connector names, Report names, AnyTypeClass keys and Policy descriptions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Syncope
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-9438 MEDIUM PATCH This Month

When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.0
5.0
EPSS
0.2%
CVE-2018-18966 MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-18965 MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-18964 MEDIUM This Month

osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Online Merchant
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%
CVE-2018-1606 MEDIUM PATCH This Month

IBM Jazz based applications (IBM Rational Collaborative Lifecycle Management 5.0 through 5.02 and 6.0 through 6.0.6, IBM Rational DOORS Next Generation 5.0 through 5.02 and 6.0 through 6.0.6, IBM. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy