Skip to main content
CVE-2018-12583 MEDIUM POC This Month

An issue was discovered in AKCMS 6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Akcms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-12588 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Open Monograph Press
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-11725 MEDIUM This Month

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libmobi
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-11537 MEDIUM PATCH This Month

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Angular Jwt
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-12564 MEDIUM PATCH This Month

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lava Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-12563 MEDIUM PATCH This Month

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lava
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-12560 MEDIUM This Month

An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cantata
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-12580 MEDIUM PATCH This Month

library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Vbsecurity
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-12098 MEDIUM This Month

The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Liblnk
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-12097 MEDIUM This Month

The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Liblnk
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-12096 MEDIUM This Month

The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Liblnk
NVD
CVSS 3.0
5.5
EPSS
0.6%
CVE-2018-11731 MEDIUM This Month

The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libfsntfs
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-11730 MEDIUM This Month

The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libfsntfs
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-11729 MEDIUM This Month

The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libfsntfs
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-11728 MEDIUM This Month

The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libfsntfs
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-11727 MEDIUM This Month

The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libfsntfs
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-11723 MEDIUM This Month

The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Libpff
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-1073 MEDIUM This Month

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ovirt Engine Virtualization Virtualization Host
NVD
CVSS 3.1
5.3
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy