How severe is CVE-2018-18506?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2018-18506?

This is classified as NVD-CWE-Other, which is a common weakness in software security.

CVE-2018-18506

MEDIUM Year: 2018

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

NVD-CWE-Other

View all →

Vulnerability Description

When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server. This behavior is disallowed by default when a proxy is manually configured, but when enabled could allow for attacks on services and tools that bind to the localhost for networked behavior if they are accessed through browsing. This vulnerability affects Firefox < 65.

CVE-2004-1464

MEDIUM

CVSS:5.9(Medium)

Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.

NVD-CWE-Other2004

CVE-2015-5370

MEDIUM

CVSS:5.9(Medium)

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a ...

NVD-CWE-Other2015

CVE-2015-7744

MEDIUM

CVSS:5.9(Medium)

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations...

NVD-CWE-Other2015

CVE-2015-8158

MEDIUM

CVSS:5.9(Medium)

The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.

NVD-CWE-Other2015

CVE-2015-8288

MEDIUM

CVSS:5.9(Medium)

NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier use the same hardcoded private key across different customers' installations, which allows remote atta...

NVD-CWE-Other2015

CVE-2016-0677

MEDIUM

CVSS:5.9(Medium)

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.

NVD-CWE-Other2016

CVE-2018-18506

Vulnerability Description

Related Vulnerabilities

CVE-2004-1464

CVE-2015-5370

CVE-2015-7744

CVE-2015-8158

CVE-2015-8288

CVE-2016-0677