Skip to main content
CVE-2018-18661 MEDIUM POC This Month

An issue was discovered in LibTIFF 4.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libtiff Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
2.9%
CVE-2018-18690 MEDIUM POC PATCH This Month

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Linux Linux Kernel Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
0.7%
CVE-2018-18662 MEDIUM POC This Month

There is an out-of-bounds read in fz_run_t3_glyph in fitz/font.c in Artifex MuPDF 1.14.0, as demonstrated by mutool. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Mupdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-18660 MEDIUM PATCH This Month

An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Udp
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2018-11951 MEDIUM This Month

Improper access control in core module lead XBL_LOADER performs the ZI region clear for QTEE instead of XBL_SEC in Snapdragon Mobile in version SD 845, SD 850. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qualcomm Sd 845 Firmware Sd 850 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-11846 MEDIUM This Month

The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850. Rated medium severity (CVSS 4.7). No vendor patch available.

Qualcomm Information Disclosure Sd 210 Firmware Sd 212 Firmware Sd 205 Firmware +2
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2018-18655 MEDIUM PATCH This Month

Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Prayer
NVD
CVSS 3.0
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy