Skip to main content
CVE-2018-20201 HIGH POC This Week

There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Espruino
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-20197 HIGH POC This Week

There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Freeware Advanced Audio Decoder 2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-20196 HIGH POC This Week

There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Freeware Advanced Audio Decoder 2 Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2018-20194 HIGH POC This Week

There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Freeware Advanced Audio Decoder 2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-20213 HIGH POC This Week

wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Buffer Overflow Libexcel
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-19829 MEDIUM POC This Month

Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Integria Ims
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-18921 MEDIUM POC PATCH This Month

PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Php Server Monitor
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-17777 CRITICAL Act Now

An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass D-Link Dva 5592 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2018-19522 MEDIUM POC This Month

DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Driveragent
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-20199 MEDIUM POC This Month

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Freeware Advanced Audio Decoder 2 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2018-20198 MEDIUM POC This Month

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Freeware Advanced Audio Decoder 2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-20195 MEDIUM POC This Month

A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Freeware Advanced Audio Decoder 2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-4015 HIGH This Week

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brightcloud
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2018-16884 HIGH PATCH This Week

A flaw was found in the Linux kernel's NFS41+ subsystem. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Use After Free Privilege Escalation Linux Memory Corruption +5
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2017-15031 HIGH PATCH This Week

In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2018-6978 MEDIUM PATCH This Month

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Vrealize Operations
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2018-19790 MEDIUM PATCH This Month

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Symfony Fedora Debian Linux
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-19789 MEDIUM PATCH This Month

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Symfony Debian Linux
NVD
CVSS 3.0
5.3
EPSS
3.6%
CVE-2018-1833 MEDIUM This Month

IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Event Streams
NVD
CVSS 3.0
5.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy