Skip to main content
CVE-2018-11256 MEDIUM POC This Month

An issue was discovered in PoDoFo 0.9.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11251 MEDIUM POC This Month

In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-11255 MEDIUM POC This Month

An issue was discovered in PoDoFo 0.9.5. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-1148 MEDIUM This Month

In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Session Fixation Information Disclosure Nessus
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-11245 MEDIUM PATCH This Month

app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-10307 MEDIUM PATCH This Month

error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the text of a PDO exception. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ilias
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-10306 MEDIUM PATCH This Month

Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Ilias
NVD GitHub
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-11254 MEDIUM This Month

An issue was discovered in PoDoFo 0.9.5. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Podofo
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-11232 MEDIUM PATCH This Month

The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-1147 MEDIUM This Month

In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nessus
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-11244 MEDIUM This Month

The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Bbe Theme
NVD
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-8849 MEDIUM This Month

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure N Vision 8840 Firmware N Vision 8870 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy