Skip to main content
CVE-2018-19219 MEDIUM POC This Month

In LibSass 3.5-stable, there is an illegal address access at Sass::Eval::operator that will lead to a DoS attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libsass
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-19218 MEDIUM POC This Month

In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parse_css_variable_value_token that will lead to a DoS attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libsass
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-19217 MEDIUM POC This Month

In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ncurses
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-19212 MEDIUM POC This Month

In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libwebm
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-19210 MEDIUM POC This Month

In LibTIFF 4.0.9, there is a NULL pointer dereference in the TIFFWriteDirectorySec function in tif_dirwrite.c that will lead to a denial of service attack, as demonstrated by tiffset. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libtiff Debian Linux Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2018-19208 MEDIUM POC This Month

In libwpd 0.10.2, there is a NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp that will lead to a denial of service attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libwpd Enterprise Linux Suse Linux Enterprise Server
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2018-19195 MEDIUM POC This Month

An issue was discovered in XiaoCms 20141229. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xiaocms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19193 MEDIUM POC This Month

An issue was discovered in XiaoCms 20141229. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xiaocms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19213 MEDIUM POC This Month

Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-19211 MEDIUM POC This Month

In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Ncurses
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19229 MEDIUM POC This Month

An issue was discovered in LAOBANCMS 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Laobancms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-19227 MEDIUM POC This Month

An issue was discovered in LAOBANCMS 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Laobancms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-19226 MEDIUM POC This Month

An issue was discovered in LAOBANCMS 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Laobancms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.2%
CVE-2018-19194 MEDIUM POC This Month

An issue was discovered in XiaoCms 20141229. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Xiaocms
NVD GitHub
CVSS 3.0
5.3
EPSS
0.9%
CVE-2018-19197 MEDIUM POC This Month

An issue was discovered in XiaoCms 20141229. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Xiaocms
NVD GitHub
CVSS 3.0
4.9
EPSS
1.4%
CVE-2018-19223 MEDIUM POC This Month

An issue was discovered in LAOBANCMS 2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Laobancms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19206 MEDIUM This Month

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webmail Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
60.2%
CVE-2018-1798 MEDIUM PATCH This Month

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-19209 MEDIUM PATCH This Month

Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy