|
247901
|
7.5 |
HIGH
Network
|
zohocorp
|
manageengine_adaudit_plus
|
Zoho ManageEngine ADAudit before 5.1 build 5120 allows remote attackers to cause a denial of service (stack-based buffer overflow) via the 'Domain Name' field when adding a new domain.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-19118
|
2024-11-21 12:57 |
2018-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247902
|
6.5 |
MEDIUM
Network
|
grafana redhat netapp
|
grafana enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ceph_storage active_iq_performance_analytics_services storagegrid_webscale_nas_bridge
|
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
|
CWE-200
Information Exposure
|
CVE-2018-19039
|
2024-11-21 12:57 |
2018-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247903
|
4.3 |
MEDIUM
Physics
|
philips
|
healthsuite_health
|
Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2018-19001
|
2024-11-21 12:57 |
2018-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247904
|
7.8 |
HIGH
Local
|
omron
|
cx-one cx-programmer cx-server
|
Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-18993
|
2024-11-21 12:57 |
2018-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247905
|
9.8 |
CRITICAL
Network
|
budabot
|
budabot
|
In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a…
|
CWE-78
OS Command
|
CVE-2018-19290
|
2024-11-21 12:57 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247906
|
7.5 |
HIGH
Network
|
kde
|
kde_applications
|
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
|
CWE-200
Information Exposure
|
CVE-2018-19120
|
2024-11-21 12:57 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247907
|
6.6 |
MEDIUM
Network
|
yoast
|
yoast_seo
|
A Race condition vulnerability in unzip_file in admin/import/class-import-settings.php in the Yoast SEO (wordpress-seo) plugin before 9.2.0 for WordPress allows an SEO Manager to perform command exec…
|
CWE-362
Race Condition
|
CVE-2018-19370
|
2024-11-21 12:57 |
2018-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247908
|
7.8 |
HIGH
Local
|
artifex debian canonical redhat
|
ghostscript debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_tus enterprise_linux_server_eus ent…
|
psi/zfjbig2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a JBIG2Decode type confusion.
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2018-19477
|
2024-11-21 12:57 |
2018-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247909
|
7.8 |
HIGH
Local
|
artifex debian canonical redhat
|
ghostscript debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_tus enterprise_linux_server_eus ent…
|
psi/zicc.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because of a setcolorspace type confusion.
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2018-19476
|
2024-11-21 12:57 |
2018-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247910
|
7.8 |
HIGH
Local
|
artifex debian canonical redhat
|
ghostscript debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_tus enterprise_linux_server_eus ent…
|
psi/zdevice2.c in Artifex Ghostscript before 9.26 allows remote attackers to bypass intended access restrictions because available stack space is not checked when the device remains the same.
|
NVD-CWE-noinfo
|
CVE-2018-19475
|
2024-11-21 12:57 |
2018-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|