Skip to main content
CVE-2018-19829 MEDIUM POC This Month

Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Integria Ims
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-18921 MEDIUM POC PATCH This Month

PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF PHP Php Server Monitor
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-19522 MEDIUM POC This Month

DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Driveragent
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-20199 MEDIUM POC This Month

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Freeware Advanced Audio Decoder 2 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2018-20198 MEDIUM POC This Month

A NULL pointer dereference was discovered in ifilter_bank of libfaad/filtbank.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Freeware Advanced Audio Decoder 2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-20195 MEDIUM POC This Month

A NULL pointer dereference was discovered in ic_predict of libfaad/ic_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Freeware Advanced Audio Decoder 2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2018-6978 MEDIUM PATCH This Month

vRealize Operations (7.x before 7.0.0.11287810, 6.7.x before 6.7.0.11286837 and 6.6.x before 6.6.1.11286876) contains a local privilege escalation vulnerability due to improper permissions of support. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Privilege Escalation Vrealize Operations
NVD
CVSS 3.0
6.7
EPSS
0.3%
CVE-2018-19790 MEDIUM PATCH This Month

An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Symfony Fedora Debian Linux
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-19789 MEDIUM PATCH This Month

An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9, and 4.2.x before 4.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE Symfony Debian Linux
NVD
CVSS 3.0
5.3
EPSS
3.6%
CVE-2018-1833 MEDIUM This Month

IBM Event Streams 2018.3.0 could allow a remote attacker to submit an API request with a fake Host request header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM Information Disclosure Event Streams
NVD
CVSS 3.0
5.3
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy