Skip to main content
CVE-2018-12979 MEDIUM POC This Month

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 762 3000 Firmware 762 3001 Firmware 762 3002 Firmware 762 3003 Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
7.9%
CVE-2018-14017 MEDIUM POC PATCH This Month

The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-14016 MEDIUM POC PATCH This Month

The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-14015 MEDIUM POC PATCH This Month

The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2018-13458 MEDIUM POC This Month

qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios Core
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
4.5%
CVE-2018-13457 MEDIUM POC This Month

qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios Core
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
4.5%
CVE-2018-13441 MEDIUM POC This Month

qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Nagios
NVD GitHub Exploit-DB
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-12981 MEDIUM POC This Month

An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS 762 3000 Firmware 762 3001 Firmware 762 3002 Firmware 762 3003 Firmware
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
5.2%
CVE-2018-8024 MEDIUM POC PATCH This Month

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Apache Apple +2
NVD
CVSS 3.0
5.4
EPSS
5.0%
CVE-2018-13999 MEDIUM POC This Month

Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Catfish Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-13998 MEDIUM POC This Month

ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clippercms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-13796 MEDIUM PATCH This Month

An issue was discovered in GNU Mailman before 2.1.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mailman
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1334 MEDIUM PATCH This Month

In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running. Rated medium severity (CVSS 4.7). No vendor patch available.

Apache Information Disclosure Spark
NVD
CVSS 3.0
4.7
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy