Skip to main content
CVE-2018-19664 MEDIUM POC This Month

libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put_pixel_rows function in wrbmp.c, as demonstrated by djpeg. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Libjpeg Turbo
NVD GitHub
CVSS 3.0
6.5
EPSS
1.7%
CVE-2018-19661 MEDIUM POC This Month

An issue was discovered in libsndfile 1.0.28. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libsndfile Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-19527 MEDIUM POC This Month

i4 assistant 7.85 allows XSS via a crafted machine name field within iOS settings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Apple Ai Si Assistant
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19693 MEDIUM POC This Month

An issue was discovered in tp5cms through 2017-05-25. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Tp5Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-11002 MEDIUM POC This Month

Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19626 MEDIUM POC This Month

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-19625 MEDIUM POC This Month

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Wireshark Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-19624 MEDIUM POC This Month

In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-19750 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.8%
CVE-2018-19752 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.3%
CVE-2018-19751 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.3%
CVE-2018-19749 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.3%
CVE-2018-12239 MEDIUM This Month

Norton prior to 22.15; Symantec Endpoint Protection (SEP) prior to 12.1.7454.7000 & 14.2; Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to NIS-22.15.1.8 & SEP-12.1.7454.7000;. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Protection Endpoint Protection Cloud Norton Antivirus
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-19497 MEDIUM PATCH This Month

In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow The Sleuth Kit Debian Linux +1
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2018-1762 MEDIUM This Month

IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Rational Collaborative Lifecycle Management Rational Doors Next Generation Rational Engineering Lifecycle Manager +4
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-16859 MEDIUM PATCH This Month

Execution of Ansible playbooks on Windows platforms with PowerShell ScriptBlock logging and Module logging enabled can allow for 'become' passwords to appear in EventLogs in plaintext. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Microsoft Information Disclosure Ansible Engine
NVD GitHub
CVSS 3.0
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy