Skip to main content
CVE-2018-6542 MEDIUM POC This Month

In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zziplib
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-6541 MEDIUM POC This Month

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zziplib Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-6540 MEDIUM POC This Month

In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zziplib Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-6561 MEDIUM POC PATCH This Month

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dojo
NVD GitHub
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-6545 MEDIUM POC This Month

Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moveit
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-6544 MEDIUM POC This Month

pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-6550 MEDIUM POC PATCH This Month

Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Monstra
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-6520 MEDIUM PATCH This Month

SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Simplesamlphp
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-6319 MEDIUM This Month

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Sophos Null Pointer Dereference Denial Of Service Sophos Tester
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6536 MEDIUM This Month

An issue was discovered in Icinga 2.x through 2.8.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Icinga
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-6526 MEDIUM This Month

view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 allows remote attackers to discover the full path via an invalid filter parameter, related to a filter_ensure_valid_filter call. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Mantisbt
NVD GitHub
CVSS 3.0
5.3
EPSS
4.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy