Skip to main content
CVE-2018-20453 MEDIUM POC This Month

The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libdoc
NVD GitHub
CVSS 3.0
6.5
EPSS
0.9%
CVE-2018-20451 MEDIUM POC This Month

The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Libdoc
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2018-20450 MEDIUM POC This Month

The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libxls
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20464 MEDIUM POC This Month

There is a reflected XSS vulnerability in the CMS Made Simple 2.2.8 admin/myaccount.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Cms Made Simple
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20462 MEDIUM POC This Month

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Jsmol2Wp
NVD
CVSS 3.0
6.1
EPSS
4.0%
CVE-2018-20454 MEDIUM POC This Month

An issue was discovered in 74cms v4.2.111. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP 74Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20461 MEDIUM POC PATCH This Month

In radare2 prior to 3.1.1, core_anal_bytes in libr/core/cmd_anal.c allows attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting a binary file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-20460 MEDIUM POC PATCH This Month

In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2018-20459 MEDIUM POC PATCH This Month

In radare2 through 3.1.3, the armass_assemble function in libr/asm/arch/arm/armass.c allows attackers to cause a denial-of-service (application crash by out-of-bounds read) by crafting an arm. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2018-20458 MEDIUM POC PATCH This Month

In radare2 prior to 3.1.1, r_bin_dyldcache_extract in libr/bin/format/mach0/dyldcache.c may allow attackers to cause a denial-of-service (application crash caused by out-of-bounds read) by crafting. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2018-20456 MEDIUM POC PATCH This Month

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash in libr/util/strbuf.c via a stack-based buffer. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-20455 MEDIUM POC PATCH This Month

In radare2 prior to 3.1.1, the parseOperand function inside libr/asm/p/asm_x86_nz.c may allow attackers to cause a denial of service (application crash via a stack-based buffer overflow) by crafting. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Denial Of Service Buffer Overflow Radare2
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2018-20448 MEDIUM POC This Month

Frog CMS 0.9.5 has XSS via the Database name field to the /install/index.php URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Frog Cms
NVD GitHub Exploit-DB
CVSS 3.0
5.4
EPSS
1.7%
CVE-2018-20457 MEDIUM PATCH This Month

In radare2 through 3.1.3, the assemble function inside libr/asm/p/asm_arm_cs.c allows attackers to cause a denial-of-service (application crash via an r_num_calc out-of-bounds read) by crafting an. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Buffer Overflow Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy