Skip to main content
CVE-2018-11439 MEDIUM POC This Month

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Taglib Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2018-11437 MEDIUM POC This Month

The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11436 MEDIUM POC This Month

The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11435 MEDIUM POC This Month

The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11434 MEDIUM POC This Month

The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11433 MEDIUM POC This Month

The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11432 MEDIUM POC This Month

The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libmobi
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-11568 MEDIUM POC This Month

Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gameplan Event And Gym Fitness
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-11559 MEDIUM POC This Month

DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-11558 MEDIUM POC This Month

DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-11477 MEDIUM This Month

An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Icar 2 Wi Fi Obd2 Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-11562 MEDIUM PATCH This Month

An issue was discovered in MISP 2.4.91. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-10939 MEDIUM PATCH This Month

Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.0
6.1
EPSS
1.4%
CVE-2018-11557 MEDIUM This Month

YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Easy Class Education Platform
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-10196 MEDIUM PATCH This Month

NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Graphviz Fedora Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-11565 MEDIUM PATCH This Month

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mahara
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-10995 MEDIUM This Month

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Slurm Debian Linux
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-7534 MEDIUM This Month

In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Stealth Authorization Server
NVD
CVSS 3.0
4.7
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy