Skip to main content
CVE-2018-15671 MEDIUM POC This Month

An issue was discovered in the HDF HDF5 1.10.2 library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Hdf5
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-15607 MEDIUM POC This Month

In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
5.2%
CVE-2018-15533 MEDIUM POC This Month

A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Re Porter 16 Firmware
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.6%
CVE-2018-15528 MEDIUM POC This Month

Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Sso Plugin
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-15660 MEDIUM POC This Month

An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Olamoney
NVD GitHub
CVSS 3.0
5.9
EPSS
1.2%
CVE-2018-15603 MEDIUM This Month

An issue was discovered in Victor CMS through 2018-05-10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Victor Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-0501 MEDIUM PATCH This Month

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Jwt Attack Information Disclosure Ubuntu Linux Advanced Package Tool
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2018-15669 MEDIUM This Month

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Airmail 3
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-15668 MEDIUM This Month

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Airmail 3
NVD
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-15599 MEDIUM This Month

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Dropbear Ssh
NVD
CVSS 3.0
5.3
EPSS
2.7%
CVE-2018-15670 MEDIUM This Month

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Airmail
NVD
CVSS 3.0
4.3
EPSS
0.7%
CVE-2018-10932 MEDIUM This Month

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Lldptool
NVD GitHub
CVSS 3.0
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy