Skip to main content
CVE-2018-20190 MEDIUM POC This Month

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::Eval::operator()(Sass::Supports_Operator*) in eval.cpp may cause a Denial of Service (application crash) via a crafted sass input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Libsass
NVD GitHub
CVSS 3.0
6.5
EPSS
2.6%
CVE-2018-20189 MEDIUM POC PATCH This Month

In GraphicsMagick 1.3.31, the ReadDIBImage function of coders/dib.c has a vulnerability allowing a crash and denial of service via a dib file that is crafted to appear with direct pixel values and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-20186 MEDIUM POC This Month

An issue was discovered in Bento4 1.5.1-627. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
1.2%
CVE-2018-20184 MEDIUM POC PATCH This Month

In GraphicsMagick 1.4 snapshot-20181209 Q8, there is a heap-based buffer overflow in the WriteTGAImage function of tga.c, which allows attackers to cause a denial of service via a crafted image file,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Buffer Overflow Graphicsmagick Debian Linux
NVD
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-19936 MEDIUM POC This Month

PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Printeron
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-18246 MEDIUM POC This Month

Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Icinga Web 2
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2018-14856 MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-14855 MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-14854 MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-14852 MEDIUM POC This Month

Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
1.0%
CVE-2018-19933 MEDIUM POC PATCH This Month

Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bolt Cms
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.5%
CVE-2018-19828 MEDIUM POC This Month

Artica Integria IMS 5.0.83 has XSS via the search_string parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Integria Ims
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.3%
CVE-2018-20172 MEDIUM POC This Month

An issue was discovered in Nagios XI before 5.5.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-20171 MEDIUM POC This Month

An issue was discovered in Nagios XI before 5.5.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Nagios Xi
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-19822 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19821 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19820 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19819 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19818 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19817 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19816 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19815 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19814 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19813 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19812 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19811 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19810 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19809 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19775 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19774 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19773 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19772 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19771 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19770 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19769 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19768 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19767 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19766 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19765 MEDIUM POC This Month

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-19649 MEDIUM POC This Month

XSS exists in InfoVista VistaPortal SE Version 5.1 (build 51029). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vistaportal
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-18248 MEDIUM POC This Month

Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icinga Web 2
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-19976 MEDIUM POC This Month

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yara
NVD GitHub
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-19975 MEDIUM POC This Month

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Yara
NVD GitHub
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-19974 MEDIUM POC This Month

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yara
NVD GitHub
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-18247 MEDIUM POC This Month

Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icinga Web 2
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-18245 MEDIUM POC This Month

Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nagios Core Debian Linux
NVD
CVSS 3.0
5.4
EPSS
2.6%
CVE-2018-20185 MEDIUM POC PATCH This Month

In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms, there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Graphicsmagick Debian Linux +1
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2018-20170 MEDIUM POC PATCH This Month

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keystone
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-14853 MEDIUM POC This Month

A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Null Pointer Dereference Denial Of Service Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
4.3
EPSS
0.9%
CVE-2018-20169 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 4.19.9. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy