Skip to main content
CVE-2018-11413 MEDIUM POC This Month

An issue was discovered in BearAdmin 0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Bearadmin
NVD GitHub
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-1000039 MEDIUM POC This Month

In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Denial Of Service Mupdf
NVD
CVSS 3.1
6.3
EPSS
1.8%
CVE-2018-11415 MEDIUM POC This Month

SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SAP Internet Transaction Server
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
8.3%
CVE-2018-11404 MEDIUM POC This Month

DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-11412 MEDIUM POC THREAT This Month

In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Linux Information Disclosure Use After Free Linux Kernel +1
NVD Exploit-DB
CVSS 3.0
5.9
EPSS
16.4%
CVE-2018-1000040 MEDIUM POC This Month

In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-1000037 MEDIUM POC This Month

In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2018-1000036 MEDIUM POC This Month

In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2018-11403 MEDIUM POC This Month

DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.8%
CVE-2018-11332 MEDIUM POC This Month

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Clippercms
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
1.9%
CVE-2018-11402 MEDIUM This Month

SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure U9K Kp1000 Firmware
NVD
CVSS 3.0
6.6
EPSS
0.2%
CVE-2018-9920 MEDIUM This Month

Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Smartforms
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-10595 MEDIUM This Month

A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor). Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Database Manager Performa Reada
NVD
CVSS 3.0
6.3
EPSS
0.4%
CVE-2018-10593 MEDIUM This Month

A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA,. Rated medium severity (CVSS 5.6). No vendor patch available.

Information Disclosure Database Manager Performa Reada
NVD
CVSS 3.0
5.6
EPSS
0.4%
CVE-2018-1000199 MEDIUM PATCH This Month

The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Linux RCE Buffer Overflow Debian Linux Linux Kernel +8
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-11401 MEDIUM This Month

In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure U9K Bs1000 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2018-11400 MEDIUM This Month

In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure U9K Bs1000 Firmware
NVD
CVSS 3.0
4.6
EPSS
0.3%
CVE-2018-11399 MEDIUM This Month

SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure U9K Es1000 Firmware U9K Kr1 Firmware U9K Ms1000 Firmware U9K Wt1000 Firmware
NVD
CVSS 3.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy