Skip to main content
CVE-2018-19926 MEDIUM POC This Month

Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ip Stationweb Firmware
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19924 MEDIUM POC This Month

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sales Company Management System
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19922 MEDIUM POC This Month

Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS C1000A Firmware
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16603 MEDIUM POC This Month

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-16602 MEDIUM POC This Month

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-16600 MEDIUM POC This Month

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-16599 MEDIUM POC This Month

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-16527 MEDIUM POC PATCH This Month

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-16524 MEDIUM POC This Month

Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.8%
CVE-2018-19891 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19890 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19889 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19888 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19887 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-19886 MEDIUM POC This Month

An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Freeware Advanced Audio Coder
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2018-19882 MEDIUM POC This Month

In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Mupdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-19881 MEDIUM POC This Month

In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mupdf
NVD GitHub
CVSS 3.0
5.5
EPSS
1.6%
CVE-2018-19927 MEDIUM POC This Month

Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ip Stationweb Firmware
NVD
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-19919 MEDIUM POC This Month

Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Pixelimity
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-19915 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
4.0%
CVE-2018-19914 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
3.3%
CVE-2018-19913 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub Exploit-DB
CVSS 3.0
4.8
EPSS
1.8%
CVE-2018-19892 MEDIUM POC This Month

DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Domainmod
NVD GitHub
CVSS 3.0
4.8
EPSS
1.5%
CVE-2018-19921 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-18362 MEDIUM This Month

Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Norton Password Manager
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-1504 MEDIUM This Month

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to hijack the clicking action of the victim. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure I2 Enterprise Insight Analysis
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-16598 MEDIUM PATCH This Month

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Amazon Web Services Freertos Freertos
NVD GitHub
CVSS 3.0
5.9
EPSS
1.5%
CVE-2018-1525 MEDIUM This Month

IBM i2 Enterprise Insight Analysis 2.1.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure I2 Enterprise Insight Analysis
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-19665 MEDIUM PATCH This Month

The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Buffer Overflow Qemu Leap
NVD
CVSS 3.1
5.7
EPSS
0.9%
CVE-2018-9566 MEDIUM This Month

In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2018-9554 MEDIUM This Month

In dumpExtractors of IMediaExtractor.cp, there is a possible disclosure of recently accessed media files due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2018-9552 MEDIUM PATCH This Month

In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Google Memory Corruption Information Disclosure Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2018-9548 MEDIUM PATCH This Month

In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2018-1871 MEDIUM PATCH This Month

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Financial Transaction Manager
NVD
CVSS 3.0
5.4
EPSS
1.0%
CVE-2018-1935 MEDIUM PATCH This Month

IBM Connections 5.0, 5.5, and 6.0 could allow an authenticated user to obtain sensitive information from invalid request error messages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Connections
NVD
CVSS 3.0
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy