Skip to main content
CVE-2018-14048 MEDIUM POC PATCH This Month

An issue has been found in libpng 1.6.34. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libpng Jdk Jre
NVD GitHub
CVSS 3.1
6.5
EPSS
3.0%
CVE-2018-14036 MEDIUM POC PATCH This Month

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Accountsservice
NVD
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-14042 MEDIUM POC PATCH This Month

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Bootstrap
NVD GitHub
CVSS 3.0
6.1
EPSS
4.0%
CVE-2018-14041 MEDIUM POC PATCH This Month

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Bootstrap
NVD GitHub
CVSS 3.0
6.1
EPSS
4.3%
CVE-2018-14040 MEDIUM POC PATCH This Month

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Debian Linux Bootstrap
NVD GitHub
CVSS 3.0
6.1
EPSS
4.1%
CVE-2018-14047 MEDIUM POC This Month

An issue has been found in PNGwriter 0.7.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Pngwriter
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-14052 MEDIUM This Month

An issue has been found in libwav through 2017-04-20. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libwav
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-14050 MEDIUM This Month

An issue has been found in libwav through 2017-04-20. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libwav
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-14049 MEDIUM This Month

An issue has been found in libwav through 2017-04-20. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libwav
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-9070 MEDIUM This Month

For the Lenovo Smart Assistant Android app versions earlier than 12.1.82, an attacker with physical access to the smart speaker can, by pressing a specific button sequence, enter factory test mode. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Google Information Disclosure Lenovo Smart Assistant
NVD
CVSS 3.0
6.4
EPSS
0.3%
CVE-2018-10631 MEDIUM This Month

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass N Vision 8840 Firmware N Vision 8870 Firmware
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2018-1255 MEDIUM This Month

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rsa Identity Governance And Lifecycle
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-10098 MEDIUM This Month

In MicroWorld eScan Internet Security Suite (ISS) for Business 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \\.\econceal to cause a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Escan Internet Security Suite
NVD
CVSS 3.0
5.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy