Skip to main content
CVE-2018-20201 HIGH POC This Week

There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Espruino
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2018-20197 HIGH POC This Week

There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Freeware Advanced Audio Decoder 2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-20196 HIGH POC This Week

There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Freeware Advanced Audio Decoder 2 Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2018-20194 HIGH POC This Week

There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Freeware Advanced Audio Decoder 2
NVD GitHub
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-20213 HIGH POC This Week

wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long name. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Denial Of Service Buffer Overflow Libexcel
NVD GitHub
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-4015 HIGH This Week

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brightcloud
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2018-16884 HIGH PATCH This Week

A flaw was found in the Linux kernel's NFS41+ subsystem. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Buffer Overflow Use After Free Privilege Escalation Linux Memory Corruption +5
NVD
CVSS 3.1
8.0
EPSS
1.5%
CVE-2017-15031 HIGH PATCH This Week

In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy