Skip to main content
CVE-2018-11438 HIGH POC This Week

The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Libmobi
NVD
CVSS 3.0
8.8
EPSS
2.7%
CVE-2018-11556 HIGH POC This Week

tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Little Cms
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-11555 HIGH POC This Week

tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Little Cms
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-11235 HIGH POC PATCH THREAT This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Debian Linux Ubuntu Linux Enterprise Linux +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
49.2%
CVE-2018-11439 MEDIUM POC This Month

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Taglib Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2018-11437 MEDIUM POC This Month

The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11436 MEDIUM POC This Month

The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11435 MEDIUM POC This Month

The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11434 MEDIUM POC This Month

The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11433 MEDIUM POC This Month

The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11432 MEDIUM POC This Month

The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11568 MEDIUM POC This Month

Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gameplan Event And Gym Fitness
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-11482 CRITICAL Act Now

/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass TP-Link Ipc Tl Ipc223 P 6 Firmware Tl Ipc323K D Firmware Tl Ipc325 Kp Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-11559 MEDIUM POC This Month

DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-11558 MEDIUM POC This Month

DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-11481 HIGH This Week

TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE TP-Link Ipc Tl Ipc223 P 6 Firmware Tl Ipc323K D Firmware Tl Ipc325 Kp Firmware +1
NVD GitHub
CVSS 3.0
8.8
EPSS
1.8%
CVE-2018-11478 HIGH This Week

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Icar 2 Wi Fi Obd2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-11476 HIGH This Week

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Icar 2 Wi Fi Obd2 Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-11518 HIGH This Week

A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Legacy Ivr Firmware
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2018-11233 HIGH This Week

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Ubuntu Linux Git
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2018-11567 LOW POC Monitor

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Session Fixation Information Disclosure Echo Show Firmware Echo Plus Firmware Echo Dot Firmware +2
NVD
CVSS 3.0
3.3
EPSS
1.1%
CVE-2018-11477 MEDIUM This Month

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Icar 2 Wi Fi Obd2 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-11562 MEDIUM PATCH This Month

An issue was discovered in MISP 2.4.91. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-10939 MEDIUM PATCH This Month

Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-11557 MEDIUM This Month

YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Easy Class Education Platform
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-10196 MEDIUM PATCH This Month

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Graphviz Fedora Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-11565 MEDIUM PATCH This Month

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mahara
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-10995 MEDIUM This Month

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slurm Debian Linux
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-7534 MEDIUM This Month

In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Stealth Authorization Server
NVD
CVSS 3.0
4.7
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy