Skip to main content
CVE-2018-16393 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.8
EPSS
0.6%
CVE-2018-16392 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.8
EPSS
0.6%
CVE-2018-16391 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.8
EPSS
0.7%
CVE-2018-16410 MEDIUM POC PATCH This Month

Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Vanilla
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-16407 MEDIUM POC PATCH This Month

An issue was discovered in Mayan EDMS before 3.0.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mayan Edms
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-16406 MEDIUM POC PATCH This Month

An issue was discovered in Mayan EDMS before 3.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mayan Edms
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-16405 MEDIUM POC PATCH This Month

An issue was discovered in Mayan EDMS before 3.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mayan Edms
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-16371 MEDIUM POC This Month

PESCMS Team 2.2.1 has multiple reflected XSS via the keyword parameter: g=Team&m=User&a=index&keyword=, g=Team&m=User_group&a=index&keyword=, g=Team&m=Department&a=index&keyword=, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pescms Team
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16403 MEDIUM POC This Month

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Elfutils
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-16382 MEDIUM POC This Month

Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-16369 MEDIUM POC This Month

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Xpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-16368 MEDIUM POC This Month

SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Xpdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-16373 MEDIUM POC This Month

Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Frog Cms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.1%
CVE-2018-16379 MEDIUM POC This Month

Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ogma Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16374 MEDIUM POC This Month

Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Frog Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16372 MEDIUM This Month

The issue was discovered in IdeaCMS through 2016-04-30. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Ideacms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16397 MEDIUM This Month

In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Limesurvey
NVD GitHub
CVSS 3.0
4.9
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy