Skip to main content
CVE-2018-18647 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-18644 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-18640 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-12315 MEDIUM POC This Month

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
CVSS 3.0
6.5
EPSS
0.7%
CVE-2018-12308 MEDIUM POC This Month

Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encrypt_key" URL parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Data Master
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-19839 MEDIUM POC PATCH This Month

In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Libsass
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-19838 MEDIUM POC This Month

In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libsass
NVD GitHub
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19837 MEDIUM POC PATCH This Month

In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libsass
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-18642 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-12305 MEDIUM POC This Month

Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19843 MEDIUM POC PATCH This Month

opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-19842 MEDIUM POC PATCH This Month

getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-19841 MEDIUM POC PATCH This Month

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Wavpack Ubuntu Linux Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
2.5%
CVE-2018-12311 MEDIUM POC This Month

Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-12310 MEDIUM POC This Month

Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Data Master
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-11348 MEDIUM POC This Month

Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yunohost
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16633 MEDIUM POC This Month

Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pluck
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16631 MEDIUM POC This Month

Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16628 MEDIUM POC This Month

panel/login in Kirby v2.5.12 allows XSS via a blog name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kirby
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-17975 MEDIUM POC This Month

An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-16629 MEDIUM POC This Month

panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19849 MEDIUM POC This Month

An issue was discovered in YzmCMS 5.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-18645 MEDIUM POC This Month

An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
4.3
EPSS
1.0%
CVE-2018-17976 MEDIUM This Month

An issue was discovered in GitLab Community Edition 11.x before 11.1.8, 11.2.x before 11.2.5, and 11.3.x before 11.3.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-6116 MEDIUM This Month

A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Null Pointer Dereference Denial Of Service Chrome Linux Desktop +3
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6115 MEDIUM This Month

Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-6108 MEDIUM This Month

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6107 MEDIUM This Month

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6105 MEDIUM This Month

Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.3%
CVE-2018-6104 MEDIUM This Month

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6103 MEDIUM This Month

A stagnant permission prompt in Prompts in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass permission policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-6099 MEDIUM This Month

A lack of CORS checks in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6098 MEDIUM This Month

Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-6095 MEDIUM This Month

Inappropriate dismissal of file picker on keyboard events in Blink in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to read local files via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6089 MEDIUM This Month

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Linux Desktop Linux Server +2
NVD
CVSS 3.0
6.5
EPSS
1.6%
CVE-2018-6982 MEDIUM This Month

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure VMware Workstation Fusion ESXi
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2018-18991 MEDIUM This Month

Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Scada Webserver
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-7987 MEDIUM This Month

There is an out-of-bounds write vulnerability on Huawei P20 smartphones with versions before 8.1.0.171(C00). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Huawei Buffer Overflow Denial Of Service P20 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-19840 MEDIUM PATCH This Month

The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Wavpack Ubuntu Linux Fedora Leap
NVD GitHub
CVSS 3.0
5.5
EPSS
2.3%
CVE-2018-7956 MEDIUM This Month

Huawei VIP App is a mobile app for Malaysia customers that purchased P20 Series, Nova 3/3i and Mate 20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Vip App Mate 20 Firmware Nova 3I Firmware +1
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2018-16478 MEDIUM This Month

A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Simplehttpserver
NVD
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-19854 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 4.19.3. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD GitHub
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-5496 MEDIUM This Month

Data ONTAP operating in 7-Mode versions prior to 8.2.5P2 are susceptible to a vulnerability which discloses sensitive information to an unauthorized user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Data Ontap
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2018-6102 MEDIUM This Month

Missing confusable characters in Internationalization in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Linux Desktop Linux Server Linux Workstation +2
NVD
CVSS 3.0
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy