Skip to main content
CVE-2018-13310 MEDIUM This Month

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS A3002ru Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-11067 MEDIUM PATCH This Month

Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Dell Open Redirect Emc Avamar Emc Integrated Data Protection Appliance Vsphere Data Protection
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-14663 MEDIUM This Month

An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dnsdist
NVD
CVSS 3.0
5.9
EPSS
2.6%
CVE-2018-19568 MEDIUM This Month

A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dcraw
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19567 MEDIUM This Month

A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dcraw
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-16862 MEDIUM PATCH This Month

A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Enterprise Linux Ubuntu Linux +1
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-14646 MEDIUM PATCH This Month

The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel Enterprise Linux Desktop +5
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-18807 MEDIUM This Month

The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Statistica Server
NVD
CVSS 3.0
5.4
EPSS
1.2%
CVE-2018-19554 MEDIUM This Month

An issue was discovered in Dotcms through 5.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dotcms
NVD
CVSS 3.0
5.4
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy