Skip to main content
CVE-2018-19853 HIGH This Week

An issue was discovered in hitshop through 2014-07-15. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation PHP Hitshop
NVD GitHub
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-19849 MEDIUM POC This Month

An issue was discovered in YzmCMS 5.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-18645 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-18993 HIGH This Week

Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Cx One Cx Programmer Cx Server
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2018-18989 HIGH This Week

In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Use After Free Cx One Cx Programmer +1
NVD
CVSS 3.0
7.8
EPSS
1.6%
CVE-2018-0468 HIGH This Week

A vulnerability in the configuration of a local database installed as part of the Cisco Energy Management Suite (CEMS) could allow an authenticated, local attacker to access and alter confidential. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass PostgreSQL Cisco Energy Management Suite
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-6101 HIGH This Week

A lack of host validation in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code via a crafted HTML page, if the user is running a remote DevTools. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google RCE Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
7.5
EPSS
2.7%
CVE-2018-17159 HIGH This Week

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, the NFS server lacks a bounds check in the READDIRPLUS NFS request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Freebsd
NVD
CVSS 3.0
7.5
EPSS
4.2%
CVE-2018-17158 HIGH This Week

In FreeBSD before 11.2-STABLE(r340854) and 11.2-RELEASE-p5, an integer overflow error can occur when handling the client address length field in an NFSv4 request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Freebsd
NVD
CVSS 3.0
7.5
EPSS
4.4%
CVE-2018-17976 MEDIUM This Month

An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-6116 MEDIUM This Month

A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service Chrome Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6115 MEDIUM This Month

Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-6108 MEDIUM This Month

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6107 MEDIUM This Month

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6105 MEDIUM This Month

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-6104 MEDIUM This Month

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6103 MEDIUM This Month

A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-6099 MEDIUM This Month

A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6098 MEDIUM This Month

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6095 MEDIUM This Month

Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6089 MEDIUM This Month

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Linux Desktop Linux Server +2
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6982 MEDIUM This Month

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion ESXi
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2018-18991 MEDIUM This Month

Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Scada Webserver
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-7987 MEDIUM This Month

There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Huawei Buffer Overflow Denial Of Service P20 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-19840 MEDIUM PATCH This Month

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Wavpack Ubuntu Linux Fedora Leap
NVD GitHub
CVSS 3.0
5.5
EPSS
2.3%
CVE-2018-7956 MEDIUM This Month

Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Vip App Mate 20 Firmware Nova 3I Firmware +1
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-16478 MEDIUM This Month

A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Simplehttpserver
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-19854 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 4.19.3. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-5496 MEDIUM This Month

Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Data Ontap
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2018-6102 MEDIUM This Month

Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
4.3
EPSS
1.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy