Skip to main content
CVE-2018-5727 MEDIUM POC This Month

In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Openjpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-5715 MEDIUM POC This Month

phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Sugarcrm
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
6.9%
CVE-2018-5370 MEDIUM POC This Month

BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xnami
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.2%
CVE-2018-1000004 MEDIUM POC This Month

In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.0
5.9
EPSS
3.5%
CVE-2018-5728 MEDIUM POC This Month

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information via a /cgi-bin/getSysStatus request, as demonstrated by the Latitude/Longitude of the ship,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Seatel 121 Firmware
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-5710 MEDIUM This Month

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Kerberos
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-5712 MEDIUM PATCH This Month

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Debian Linux Ubuntu Linux
NVD
CVSS 3.0
6.1
EPSS
79.9%
CVE-2014-9485 MEDIUM This Month

Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Minizip Ng
NVD VulDB
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-5711 MEDIUM PATCH This Month

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service PHP Debian Linux Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
13.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy