Skip to main content
CVE-2018-14998 MEDIUM POC This Month

The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Privilege Escalation Command Injection P1 Firmware
NVD
CVSS 3.0
6.8
EPSS
0.7%
CVE-2018-20574 MEDIUM POC This Month

The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Yaml Cpp
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-20573 MEDIUM POC This Month

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Yaml Cpp
NVD GitHub
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-20570 MEDIUM POC This Month

jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Jasper Debian Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-20551 MEDIUM POC PATCH This Month

A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Poppler Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-20544 MEDIUM POC This Month

There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libcaca Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.9%
CVE-2018-20543 MEDIUM POC This Month

There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libxsmm
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-20540 MEDIUM POC This Month

There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Liblas
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-20539 MEDIUM POC This Month

There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Liblas
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-20537 MEDIUM POC This Month

There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Liblas
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-20536 MEDIUM POC This Month

There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Denial Of Service Buffer Overflow Liblas
NVD
CVSS 3.0
6.5
EPSS
1.4%
CVE-2018-20534 MEDIUM POC PATCH This Month

There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Libsolv Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.3%
CVE-2018-20533 MEDIUM POC PATCH This Month

There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libsolv Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-20532 MEDIUM POC PATCH This Month

There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Libsolv Ubuntu Linux
NVD GitHub
CVSS 3.0
6.5
EPSS
2.1%
CVE-2018-15004 MEDIUM POC This Month

The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Qualcomm Canvas Firmware
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-15006 MEDIUM POC This Month

The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Denial Of Service Zte Zte Zmax Champ Firmware
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2018-15001 MEDIUM POC This Month

The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure V7 Firmware
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-14992 MEDIUM POC This Month

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google RCE Zenfone 3 Max Firmware
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-20538 MEDIUM POC This Month

There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-20535 MEDIUM POC This Month

There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Use After Free Netwide Assembler
NVD
CVSS 3.0
5.5
EPSS
0.8%
CVE-2018-20576 MEDIUM POC This Month

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Arv7519Rw22 Livebox 2 1 Firmware
NVD GitHub
CVSS 3.0
5.4
EPSS
0.4%
CVE-2018-16638 MEDIUM POC PATCH This Month

Evolution CMS 1.4.x allows XSS via the manager/ search parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-16637 MEDIUM POC PATCH This Month

Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Evolution Cms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-20530 MEDIUM POC This Month

PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Website Seller Script
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-20567 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Douphp
NVD GitHub
CVSS 3.0
5.3
EPSS
1.0%
CVE-2018-20566 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Douphp
NVD GitHub
CVSS 3.0
5.3
EPSS
1.3%
CVE-2018-16632 MEDIUM POC This Month

Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mezzanine
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-16630 MEDIUM POC This Month

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kirby
NVD GitHub
CVSS 3.0
4.8
EPSS
0.6%
CVE-2018-20565 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20564 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20563 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20562 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20561 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20560 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20559 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20558 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-20557 MEDIUM POC This Month

An issue was discovered in DouCo DouPHP 1.5 20181221. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Douphp
NVD GitHub
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-1000887 MEDIUM POC This Month

Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Peel Shopping
NVD GitHub
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-14995 MEDIUM POC This Month

The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Google Zte Information Disclosure Zte Blade Vantage Firmware Zte Blade Spark Firmware +2
NVD
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-14979 MEDIUM POC This Month

The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Google Information Disclosure Zenfone 3 Max Firmware
NVD
CVSS 3.0
4.7
EPSS
0.4%
CVE-2018-7366 MEDIUM This Month

ZTE ZXV10 B860AV2.1 product ChinaMobile branch with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6 have an. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zte Zxv10 B860Av2 1 Chinamobile Firmware
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2018-20528 MEDIUM This Month

JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Jeecms
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-1000629 MEDIUM This Month

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP V2I Hub
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2018-15335 MEDIUM This Month

When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.0
5.9
EPSS
1.4%
CVE-2018-15333 MEDIUM This Month

On versions 11.2.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

File Upload Big Ip Local Traffic Manager Big Ip Advanced Firewall Manager Big Ip Application Acceleration Manager Big Ip Analytics +9
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15002 MEDIUM This Month

The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone. Rated medium severity (CVSS 4.7). No vendor patch available.

Google Information Disclosure Qualcomm V7 Firmware
NVD
CVSS 3.0
4.7
EPSS
0.3%
CVE-2018-15334 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Big Ip Access Policy Manager
NVD
CVSS 3.0
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy