Skip to main content
CVE-2018-13251 MEDIUM POC This Month

In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-13250 MEDIUM POC This Month

libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-13153 MEDIUM POC This Month

In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
4.0%
CVE-2018-13339 MEDIUM POC This Month

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Angular Redactor
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-8738 MEDIUM POC This Month

Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 5444 Firmware 5444Tt Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-3769 MEDIUM POC PATCH This Month

ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Grape
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2018-8026 MEDIUM POC PATCH This Month

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion (XXE) in Solr config files (currency.xml, enumsConfig.xml referred from schema.xml,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Apache Solr Snapcenter Storage Automation Store
NVD
CVSS 3.0
5.5
EPSS
9.0%
CVE-2018-7944 MEDIUM This Month

Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and 8.1.0.107(SP5C00) have a Factory Reset Protection (FRP) bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emily Al00A Firmware
NVD
CVSS 3.0
6.8
EPSS
0.3%
CVE-2018-12691 MEDIUM PATCH This Month

Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Onos
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2018-9998 MEDIUM This Month

Open-Xchange OX App Suite before 7.6.3-rev37, 7.8.x before 7.8.2-rev40, 7.8.3 before 7.8.3-rev48, and 7.8.4 before 7.8.4-rev28 include folder names in API error responses, which allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-12103 MEDIUM This Month

An issue was discovered on D-Link DIR-890L with firmware 1.21B02beta01 and earlier, DIR-885L/R with firmware 1.21B03beta01 and earlier, and DIR-895L/R with firmware 1.21B04beta04 and earlier devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dir 890L Firmware Dir 885L R Firmware Dir 895L R Firmware
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-12021 MEDIUM PATCH This Month

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-13304 MEDIUM PATCH This Month

In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-13303 MEDIUM PATCH This Month

In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-13301 MEDIUM PATCH This Month

In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Ffmpeg
NVD GitHub
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-9997 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-8046 MEDIUM This Month

The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ext Js
NVD
CVSS 3.0
6.1
EPSS
67.0%
CVE-2018-13252 MEDIUM This Month

Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Syntera Customization Suite
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-8928 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Synology Carddav Server
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-3764 MEDIUM This Month

In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud XSS Contacts
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2018-3763 MEDIUM This Month

In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud XSS Calendar
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2018-3762 MEDIUM This Month

Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy