Skip to main content
CVE-2018-8807 MEDIUM POC This Month

In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-8806 MEDIUM POC This Month

In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Use After Free Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-8805 MEDIUM POC This Month

Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Yxcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-8821 MEDIUM POC This Month

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Windriver
NVD GitHub
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-8810 MEDIUM POC This Month

In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-8809 MEDIUM POC This Month

In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-8808 MEDIUM POC This Month

In radare2 2.4.0, there is a heap-based buffer over-read in the r_asm_disassemble function of asm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-1322 MEDIUM POC PATCH THREAT This Month

An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Syncope
NVD Exploit-DB
CVSS 3.0
4.9
EPSS
20.5%
CVE-2018-8815 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencms
NVD GitHub Exploit-DB
CVSS 3.0
4.6
EPSS
1.4%
CVE-2018-4844 MEDIUM This Month

A vulnerability has been identified in SIMATIC WinCC OA UI for Android (All versions < V3.15.10), SIMATIC WinCC OA UI for iOS (All versions < V3.15.10). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Siemens Apple Simatic Wincc Oa Ui
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2018-4843 MEDIUM This Month

A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Simatic Cp 343 1 Firmware Simatic Cp 443 1 Firmware Simatic S7 1500 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2018-5438 MEDIUM This Month

Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. Rated medium severity (CVSS 6.3). No vendor patch available.

Authentication Bypass Microsoft Intellispace Cardiovascular
NVD
CVSS 3.0
6.3
EPSS
0.5%
CVE-2018-7511 MEDIUM This Month

In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases where specially crafted files could cause a buffer overflow which, in turn, may allow remote execution of arbitrary code. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Elcsoft
NVD
CVSS 3.0
5.3
EPSS
2.1%
CVE-2018-8832 MEDIUM This Month

enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enhavo
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-3626 MEDIUM This Month

Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized. Rated medium severity (CVSS 4.7). No vendor patch available.

Intel Microsoft Information Disclosure Sgx Sdk
NVD
CVSS 3.0
4.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy