Skip to main content
CVE-2018-1000873 MEDIUM POC PATCH This Month

Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jackson Modules Java8 Clusterware Database Server Global Lifecycle Management Opatch +2
NVD GitHub
CVSS 3.1
6.5
EPSS
4.8%
CVE-2018-1000872 MEDIUM POC PATCH This Month

OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pykmip
NVD GitHub
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-1000852 MEDIUM POC PATCH This Month

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Freerdp Ubuntu Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2018-1000840 MEDIUM POC This Month

Processing Foundation Processing version 3.4 and earlier contains a XML External Entity (XXE) vulnerability in loadXML() function that can result in An attacker can read arbitrary files and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Processing
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-1000814 MEDIUM POC PATCH This Month

aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Aiohttp Session
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2018-20304 MEDIUM POC This Month

wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long second argument. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Buffer Overflow Libexcel
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-16627 MEDIUM POC This Month

panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Kirby
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-12651 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Human Resource Management Software
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1000874 MEDIUM POC This Month

PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Markdown
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-1000868 MEDIUM POC PATCH This Month

WeBid version up to current version 1.2.2 contains a Cross Site Scripting (XSS) vulnerability in user_login.php, register.php that can result in Javascript execution in the user's browser, injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Webid
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-1000826 MEDIUM POC PATCH This Month

Microweber version <= 1.0.7 contains a Cross Site Scripting (XSS) vulnerability in Admin login form template that can result in Execution of JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-20302 MEDIUM POC PATCH This Month

An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Xain
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1000886 MEDIUM POC This Month

nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-14846 MEDIUM POC This Month

The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Multi Step Form
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-1000870 MEDIUM POC PATCH This Month

PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Phpipam
NVD GitHub
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-1000816 MEDIUM POC PATCH This Month

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Grafana XSS
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-1000856 MEDIUM POC This Month

DomainMOD version 4.09.03 and above. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Domainmod
NVD GitHub
CVSS 3.0
4.8
EPSS
1.4%
CVE-2018-1000860 MEDIUM POC This Month

phpipam version 1.3.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in The value of the phpipamredirect cookie is copied into an HTML tag on the login page encapsulated in single. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS RCE Phpipam
NVD GitHub
CVSS 3.0
4.7
EPSS
0.8%
CVE-2018-17244 MEDIUM PATCH This Month

Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Elastic Elasticsearch
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-1000883 MEDIUM PATCH This Month

Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Plug
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-8892 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Unified Endpoint Manager
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-1000880 MEDIUM PATCH This Month

libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser -. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libarchive Ubuntu Linux Fedora Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
4.1%
CVE-2018-1000879 MEDIUM PATCH This Month

libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser -. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Libarchive Fedora Leap
NVD GitHub
CVSS 3.1
6.5
EPSS
3.4%
CVE-2018-20301 MEDIUM This Month

An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Coherence
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1000855 MEDIUM PATCH This Month

easymon version 1.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Endpoint where monitoring is mounted that can result in Reflected XSS that affects Firefox. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Mozilla XSS Easymon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-1000848 MEDIUM This Month

Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Wampserver
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-1000842 MEDIUM PATCH This Month

FatFreeCRM version <=0.14.1, >=0.15.0 <=0.15.1, >=0.16.0 <=0.16.3, >=0.17.0 <=0.17.2, ==0.18.0 contains a Cross Site Scripting (XSS) vulnerability in commit 6d60bc8ed010c4eda05d6645c64849f415f68d65. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fatfreecrm
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2018-1000841 MEDIUM This Month

Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Zendto
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-17247 MEDIUM PATCH This Month

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Elastic Java XXE Elasticsearch
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2018-20124 MEDIUM PATCH This Month

hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Qemu Ubuntu Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-20126 MEDIUM PATCH This Month

hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Qemu Ubuntu Linux Leap
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-1677 MEDIUM PATCH This Month

IBM DataPower Gateways 7.1, 7.2, 7.5, 7.5.1, 7.5.2, 7.6, and 7.7 and IBM MQ Appliance are vulnerable to a denial of service, caused by the improper handling of full file system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service IBM Datapower Gateway
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1000847 MEDIUM PATCH This Month

FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in Execution of attacker's JavaScript code in victim's session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Freshdns
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-20306 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Ivanti Virtual Traffic Manager
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-8891 MEDIUM This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Unified Endpoint Manager
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-8888 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Unified Endpoint Manager
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-1000813 MEDIUM This Month

Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Backdrop Cms
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-1000815 MEDIUM PATCH This Month

Brave Software Inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Brave
NVD GitHub
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-20307 MEDIUM This Month

Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Virtual Traffic Manager
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy