Skip to main content
CVE-2018-19110 MEDIUM POC This Month

The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended permission restrictions by visiting tianti-module-admin/user/skin/list directly because. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Tianti
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-15437 MEDIUM POC This Month

A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Cisco Advanced Malware Protection For Endpoints Immunet For Endpoints
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
1.0%
CVE-2018-19044 MEDIUM POC PATCH This Month

keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Keepalived
NVD GitHub
CVSS 3.0
4.7
EPSS
0.5%
CVE-2018-7718 MEDIUM This Month

An issue was discovered in Telexy QPath 5.4.462. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Qpath
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-15450 MEDIUM This Month

A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Prime Collaboration
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-15449 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Video Surveillance Media Server
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-0284 MEDIUM This Month

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Meraki Mr 24 Firmware Meraki Mr 25 Firmware Meraki Ms 10 Firmware +4
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-19108 MEDIUM PATCH This Month

In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow via a crafted PSD image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Exiv2 Debian Linux Enterprise Linux Desktop Enterprise Linux Server +2
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2018-19107 MEDIUM PATCH This Month

In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdimage.cpp in the PSD image reader) may suffer from a denial of service (heap-based buffer over-read) caused by an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Exiv2 Debian Linux +4
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2018-15393 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Content Security Management Appliance
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-6433 MEDIUM This Month

A vulnerability in the secryptocfg export command of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to bypass the export file access restrictions and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fabric Operating System
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-15451 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Prime Service Catalog
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-19111 MEDIUM This Month

The Google Cardboard application 1.8 for Android and 1.2 for iOS sends potentially private cleartext information to the Unity 3D Stats web site, as demonstrated by device make, model, and OS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Cardboard
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2018-19046 MEDIUM PATCH This Month

keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keepalived
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-1314 MEDIUM PATCH This Month

In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Hive
NVD
CVSS 3.0
4.3
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy