Skip to main content
CVE-2018-20502 MEDIUM POC This Month

An issue was discovered in Bento4 1.5.1-627. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20481 MEDIUM POC PATCH This Month

XRef::getEntry in XRef.cc in Poppler 0.72.0 mishandles unallocated XRef entries, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PDF document, when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Poppler Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
3.4%
CVE-2018-20467 MEDIUM POC PATCH This Month

In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Imagemagick Leap Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-19799 MEDIUM POC This Month

Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dolibarr
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
4.5%
CVE-2018-19615 MEDIUM POC This Month

Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Rockwell Powermonitor 1000 Firmware
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.3%
CVE-2018-20486 MEDIUM POC This Month

MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20476 MEDIUM POC This Month

An issue was discovered in S-CMS 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18537 MEDIUM POC This Month

The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Aura Sync Firmware
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-20482 MEDIUM POC PATCH This Month

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c). Rated medium severity (CVSS 4.7). Public exploit code available.

Denial Of Service Tar Debian Linux Leap
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2018-19871 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qt Leap
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-19869 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Leap
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-20485 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Adselfservice Plus
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.3%
CVE-2018-20484 MEDIUM POC This Month

Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the self-update layout implementation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Adselfservice Plus
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.3%
CVE-2018-0724 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Q Center Virtual Appliance
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-0723 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Q Center Virtual Appliance
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-20217 MEDIUM PATCH This Month

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Kerberos Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy