Skip to main content
CVE-2018-18829 MEDIUM POC This Month

There exists a NULL pointer dereference in ff_vc1_parse_frame_header_adv in vc1.c in Libav 12.3, which allows attackers to cause a denial-of-service through a crafted aac file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libav
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18828 MEDIUM POC This Month

There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libav
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18827 MEDIUM POC This Month

There exists a heap-based buffer over-read in ff_vc1_pred_dc in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libav
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18826 MEDIUM POC This Month

There exists a heap-based buffer overflow in vc1_decode_p_mb_intfi in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libav
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-18840 MEDIUM POC This Month

XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16467 MEDIUM POC This Month

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Information Disclosure Nextcloud Server
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-18841 MEDIUM POC This Month

XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Semcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-17931 MEDIUM This Month

If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Vgo Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-18825 MEDIUM This Month

Pagoda Linux panel V6.0 has XSS via the verification code associated with an invalid account login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pagoda Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-0734 MEDIUM PATCH This Month

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Ubuntu Linux Debian Linux Node Js +15
NVD
CVSS 3.1
5.9
EPSS
12.2%
CVE-2018-16464 MEDIUM This Month

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.0
5.7
EPSS
0.9%
CVE-2018-16468 MEDIUM PATCH This Month

In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loofah Debian Linux
NVD GitHub
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-17783 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS RCE PHP Mantisbt
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-17782 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Manage Filters page (manage_filter_page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS RCE PHP Mantisbt
NVD
CVSS 3.0
5.4
EPSS
0.7%
CVE-2018-16465 MEDIUM This Month

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Nextcloud Authentication Bypass Nextcloud Server
NVD
CVSS 3.0
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy