Skip to main content
CVE-2018-12578 CRITICAL POC Act Now

There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Sam2P
NVD GitHub
CVSS 3.0
9.8
EPSS
2.1%
CVE-2018-12519 HIGH POC This Week

An issue was discovered in ShopNx through 2017-11-17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Node.js Shopnx
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
7.9%
CVE-2018-12293 HIGH POC PATCH THREAT This Week

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Apple Ubuntu Linux Webkitgtk +1
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
10.5%
CVE-2018-12582 HIGH POC This Week

An issue was discovered in AKCMS 6.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Akcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-11526 HIGH POC This Week

The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Wordpress Comments Import And Export
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.2%
CVE-2018-11525 HIGH POC This Week

The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Advanced Order Export For Woocommerce
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.2%
CVE-2018-10945 HIGH POC This Week

The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Mongoose
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-8727 HIGH POC This Week

Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 and earlier allows an attacker to traverse the file system to access files or directories via the Web Client webserver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Dvms Workstation
NVD
CVSS 3.0
7.5
EPSS
7.8%
CVE-2018-12583 MEDIUM POC This Month

An issue was discovered in AKCMS 6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Akcms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-12588 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Open Monograph Press
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-6210 CRITICAL Act Now

D-Link DIR-620 devices, with a certain Rostelekom variant of firmware 1.0.37, have a hardcoded rostel account, which makes it easier for remote attackers to obtain access via a TELNET session. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 620 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2018-12562 CRITICAL PATCH Act Now

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Cantata
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2018-12557 CRITICAL PATCH Act Now

An issue was discovered in Zuul 3.x before 3.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Zuul
NVD
CVSS 3.0
9.8
EPSS
1.9%
CVE-2018-12294 HIGH This Week

WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Apple Webkitgtk
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-11726 HIGH This Week

The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Libmobi
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-11724 HIGH This Week

The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libmobi
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2018-11116 HIGH This Week

OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Openwrt
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2018-12565 HIGH PATCH This Week

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Lava Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2018-12561 HIGH PATCH This Week

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Cantata
NVD GitHub
CVSS 3.0
8.8
EPSS
1.4%
CVE-2018-12559 HIGH PATCH This Week

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cantata
NVD GitHub
CVSS 3.0
8.8
EPSS
2.1%
CVE-2018-10811 HIGH PATCH This Week

strongSwan 5.6.0 and older allows Remote Denial of Service because of Missing Initialization of a Variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Strongswan Debian Linux Ubuntu Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
7.1%
CVE-2018-1061 HIGH This Week

python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Python Debian Linux Ansible Tower Enterprise Linux Desktop +4
NVD
CVSS 3.0
7.5
EPSS
5.0%
CVE-2018-11725 MEDIUM This Month

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libmobi
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-11537 MEDIUM PATCH This Month

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Angular Jwt
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-12564 MEDIUM PATCH This Month

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lava Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-12563 MEDIUM PATCH This Month

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lava
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-12560 MEDIUM This Month

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cantata
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-12580 MEDIUM PATCH This Month

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Vbsecurity
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-12098 MEDIUM This Month

The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Liblnk
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-12097 MEDIUM This Month

The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Liblnk
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-12096 MEDIUM This Month

The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Liblnk
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-11731 MEDIUM This Month

The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libfsntfs
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-11730 MEDIUM This Month

The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libfsntfs
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-11729 MEDIUM This Month

The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libfsntfs
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-11728 MEDIUM This Month

The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libfsntfs
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-11727 MEDIUM This Month

The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libfsntfs
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-11723 MEDIUM This Month

The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libpff
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-1073 MEDIUM This Month

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Engine Virtualization Virtualization Host
NVD
CVSS 3.1
5.3
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy