Skip to main content
CVE-2018-15845 HIGH POC This Week

There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Gleez Cms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.3%
CVE-2018-15844 HIGH POC This Week

An issue was discovered in DamiCMS 6.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Damicms
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-15852 MEDIUM POC This Month

Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tc7200 20 Firmware
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-15871 MEDIUM POC This Month

An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-15870 MEDIUM POC This Month

An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Libming
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-15851 HIGH This Week

An issue was discovered in Flexo CMS v0.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Flexo Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15850 HIGH This Week

An issue was discovered in REDAXO CMS 4.7.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Redaxo Cms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2018-15848 HIGH This Week

An issue was discovered in portfolioCMS 1.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Portfoliocms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-15846 HIGH This Week

An issue was discovered in fledrCMS through 2014-02-03. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Fledrcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.7%
CVE-2018-15857 HIGH PATCH This Week

An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Libxkbcommon Xkbcommon +1
NVD GitHub
CVSS 3.0
7.8
EPSS
0.4%
CVE-2018-15847 MEDIUM This Month

An issue was discovered in puppyCMS 5.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Puppycms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-15875 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 615 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2018-15874 MEDIUM This Month

Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS D-Link Dir 615 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2018-15864 MEDIUM PATCH This Month

Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Libxkbcommon Xkbcommon Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15863 MEDIUM PATCH This Month

Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Libxkbcommon Xkbcommon Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-15862 MEDIUM PATCH This Month

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Libxkbcommon Xkbcommon Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15861 MEDIUM PATCH This Month

Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Libxkbcommon Xkbcommon Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-15859 MEDIUM PATCH This Month

Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Libxkbcommon Xkbcommon Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-15858 MEDIUM PATCH This Month

Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxkbcommon Xkbcommon Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15856 MEDIUM PATCH This Month

An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Xkbcommon Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15855 MEDIUM PATCH This Month

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Xkbcommon Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15854 MEDIUM PATCH This Month

Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Xkbcommon Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15853 MEDIUM PATCH This Month

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Libxkbcommon Xkbcommon Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-15869 MEDIUM This Month

An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Packer
NVD GitHub
CVSS 3.0
5.3
EPSS
1.8%
CVE-2018-15843 MEDIUM This Month

GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Getsimple Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-15842 MEDIUM This Month

WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wolf Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-15849 MEDIUM This Month

An issue was discovered in portfolioCMS 1.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Portfoliocms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy