Skip to main content
CVE-2018-16646 MEDIUM POC This Month

In Poppler 0.68.0, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poppler Debian Linux Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
2.9%
CVE-2018-16310 MEDIUM POC This Month

Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tg588V Firmware
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-16641 MEDIUM POC PATCH This Month

ImageMagick 7.0.8-6 has a memory leak vulnerability in the TIFFWritePhotoshopLayers function in coders/tiff.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Imagemagick
NVD GitHub
CVSS 3.0
6.5
EPSS
2.0%
CVE-2018-16606 MEDIUM POC This Month

In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Proconf
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
5.9%
CVE-2018-16285 MEDIUM POC This Month

The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Userpro
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-12234 MEDIUM POC This Month

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Adrenalin
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.9%
CVE-2018-1000670 MEDIUM POC This Month

KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Koha
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-1000671 MEDIUM POC This Month

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect Sympa Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
4.0%
CVE-2018-16459 MEDIUM POC PATCH This Month

An unescaped payload in exceljs <v1.6 allows a possible XSS via cell value when worksheet is displayed in browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Exceljs
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-5389 MEDIUM POC This Month

The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Brute Force Internet Key Exchange
NVD
CVSS 3.0
5.9
EPSS
3.0%
CVE-2018-16648 MEDIUM POC This Month

In Artifex MuPDF 1.13.0, the fz_append_byte function in fitz/buffer.c allows remote attackers to cause a denial of service (segmentation fault) via a crafted pdf file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf
NVD
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-16647 MEDIUM POC This Month

In Artifex MuPDF 1.13.0, the pdf_get_xref_entry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service (segmentation fault in fz_write_data in fitz/output.c) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Mupdf
NVD
CVSS 3.0
5.5
EPSS
1.5%
CVE-2018-16517 MEDIUM POC This Month

asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Netwide Assembler
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
5.2%
CVE-2018-1000801 MEDIUM POC PATCH This Month

okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Okular Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.8%
CVE-2018-1000667 MEDIUM POC This Month

NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netwide Assembler
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-16622 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Doracms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-16261 MEDIUM This Month

In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2018-16645 MEDIUM PATCH This Month

There is an excessive memory allocation issue in the functions ReadBMPImage of coders/bmp.c and ReadDIBImage of coders/dib.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.2%
CVE-2018-16644 MEDIUM PATCH This Month

There is a missing check for length in the functions ReadDCMImage of coders/dcm.c and ReadPICTImage of coders/pict.c in ImageMagick 7.0.8-11, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.6%
CVE-2018-16643 MEDIUM PATCH This Month

The functions ReadDCMImage in coders/dcm.c, ReadPWPImage in coders/pwp.c, ReadCALSImage in coders/cals.c, and ReadPICTImage in coders/pict.c in ImageMagick 7.0.8-4 do not check the return value of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Imagemagick Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
3.1%
CVE-2018-16642 MEDIUM PATCH This Month

The function InsertRow in coders/cut.c in ImageMagick 7.0.7-37 allows remote attackers to cause a denial of service via a crafted image file due to an out-of-bounds write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service Buffer Overflow Imagemagick Ubuntu Linux +1
NVD GitHub
CVSS 3.0
6.5
EPSS
3.0%
CVE-2018-16640 MEDIUM PATCH This Month

ImageMagick 7.0.8-5 has a memory leak vulnerability in the function ReadOneJNGImage in coders/png.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Imagemagick Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-1000668 MEDIUM PATCH This Month

jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Jsish
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1000663 MEDIUM PATCH This Month

jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Jsish
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-1000661 MEDIUM This Month

jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Jsish
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-14366 MEDIUM This Month

download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Open Redirect Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-5005 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
3.9%
CVE-2018-1000665 MEDIUM PATCH This Month

Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dojo
NVD GitHub
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-1000664 MEDIUM This Month

daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Dsub For Subsonic
NVD GitHub
CVSS 3.0
5.9
EPSS
0.5%
CVE-2018-1695 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, and 8.5.5 installations using Form Login could allow a remote attacker to conduct spoofing attacks. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass IBM Websphere Application Server
NVD
CVSS 3.0
5.6
EPSS
2.2%
CVE-2018-15749 MEDIUM This Month

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Apple Pulse Secure Desktop Client
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-15726 MEDIUM This Month

The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Ivanti Command Injection Pulse Secure Desktop Client
NVD
CVSS 3.0
5.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy