Skip to main content
CVE-2018-7925 MEDIUM This Month

The radio module of some Huawei smartphones Emily-AL00A The versions before 8.1.0.171(C00) have a lock-screen bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emily Al00A Firmware
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2018-7910 MEDIUM This Month

Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432),. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Alp Al00B Firmware Alp Tl00B Firmware Bla Al00B Firmware +2
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2018-15452 MEDIUM This Month

A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Cisco Advanced Malware Protection For Endpoints
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2018-2473 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Businessobjects Business Intelligence
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-18591 MEDIUM This Month

A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Service Manager
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-16471 MEDIUM PATCH This Month

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rack Debian Linux
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-2479 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (BIWorkspace), versions 4.1 and 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Bi Platform
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-2476 MEDIUM This Month

Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-14658 MEDIUM This Month

A flaw was found in JBOSS Keycloak 3.2.1.Final. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Keycloak
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-6260 MEDIUM This Month

NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Gpu Driver
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15771 MEDIUM This Month

Dell EMC RecoverPoint versions prior to 5.1.2.1 and RecoverPoint for VMs versions prior to 5.2.0.2 contain an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Recoverpoint Recoverpoint For Virtual Machines
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-14655 MEDIUM This Month

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Keycloak Single Sign On
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-7926 MEDIUM This Month

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Watch 2 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2018-2483 MEDIUM This Month

HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Businessobjects Business Intelligence
NVD
CVSS 3.0
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy