Skip to main content
CVE-2018-16425 MEDIUM POC PATCH This Month

A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16424 MEDIUM POC PATCH This Month

A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16423 MEDIUM POC PATCH This Month

A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16422 MEDIUM POC PATCH This Month

A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16421 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16420 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16419 MEDIUM POC PATCH This Month

Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16418 MEDIUM POC PATCH This Month

A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
6.6
EPSS
0.7%
CVE-2018-16458 MEDIUM POC This Month

An issue was discovered in baigo CMS v2.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Baigo Cms
NVD GitHub
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-16449 MEDIUM POC This Month

OneThink 1.1.141212 allows CSRF for adding a page via admin.php?s=/Channel/add.html, adding a blog via admin.php?s=/Article/update.html, and setting the audit state via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Onethink
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-16450 MEDIUM POC This Month

CraftedWeb through 2013-09-24 has reflected XSS via the p parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Craftedweb
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16435 MEDIUM POC PATCH This Month

Little CMS (aka Little Color Management System) 2.9 has an integer overflow in the AllocateDataSet function in cmscgats.c, leading to a heap-based buffer overflow in the SetData function via a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Little Cms Color Engine Ubuntu Linux Enterprise Linux Desktop +3
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-16426 MEDIUM POC PATCH This Month

Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Opensc
NVD GitHub
CVSS 3.0
4.3
EPSS
0.6%
CVE-2018-10930 MEDIUM PATCH This Month

A flaw was found in RPC request using gfs3_rename_req in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Enterprise Linux Enterprise Linux Server Debian Linux +3
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-10924 MEDIUM PATCH This Month

It was discovered that fsync(2) system call in glusterfs client code leaks memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Glusterfs
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-10914 MEDIUM This Month

It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which will result in a remote denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Glusterfs Virtualization Host Enterprise Linux Server +2
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2018-10913 MEDIUM PATCH This Month

An information disclosure vulnerability was discovered in glusterfs server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Glusterfs Virtualization Host Debian Linux Enterprise Linux Server +1
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2018-0672 MEDIUM This Month

Cross-site scripting vulnerability in Movable Type versions prior to Ver. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Movable Type
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-14627 MEDIUM PATCH This Month

The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Wildfly
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-6554 MEDIUM PATCH This Month

Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-7990 MEDIUM This Month

Mate10 Pro Huawei smart phones with the versions before 8.1.0.326(C00) have a FRP bypass vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Mate 10 Pro Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2018-7936 MEDIUM This Month

Mate 10 Pro Huawei smart phones with the versions before BLA-L29 8.0.0.148(C432) have a Factory Reset Protection (FRP) bypass security vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Mate 10 Pro Firmware
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2018-16427 MEDIUM PATCH This Month

Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Opensc
NVD GitHub
CVSS 3.0
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy