Skip to main content
CVE-2018-19859 MEDIUM POC PATCH This Month

OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Openrefine
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-19877 MEDIUM POC THREAT This Month

login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Loganalyzer
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
18.6%
CVE-2018-19876 MEDIUM PATCH This Month

cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Apple Cairo
NVD
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-12155 MEDIUM This Month

Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Integrated Performance Primitives
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1650 MEDIUM PATCH This Month

IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass IBM Qradar Incident Forensics
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-1728 MEDIUM PATCH This Month

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Incident Forensics
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-19608 MEDIUM This Month

Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Mbed Tls
NVD VulDB
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-15773 MEDIUM PATCH This Month

Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Dell Information Disclosure Data Protection Encryption
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2018-1697 MEDIUM This Month

IBM Maximo Asset Management 7.6 could allow an authenticated user to enumerate usernames using a specially crafted HTTP request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Maximo Asset Management
NVD
CVSS 3.0
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy