|
247561
|
5.5 |
MEDIUM
Local
|
driveragent
|
driveragent
|
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr…
|
CWE-20
Improper Input Validation
|
CVE-2018-19522
|
2024-11-21 12:58 |
2018-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247562
|
5.5 |
MEDIUM
Local
|
virustotal
|
yara
|
In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.
|
CWE-200
Information Exposure
|
CVE-2018-19976
|
2024-11-21 12:58 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247563
|
5.5 |
MEDIUM
Local
|
virustotal
|
yara
|
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-19975
|
2024-11-21 12:58 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247564
|
5.5 |
MEDIUM
Local
|
virustotal
|
yara
|
In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (no…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2018-19974
|
2024-11-21 12:58 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247565
|
6.5 |
MEDIUM
Network
|
printeron
|
printeron
|
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.
|
CWE-20
Improper Input Validation
|
CVE-2018-19936
|
2024-11-21 12:58 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247566
|
6.1 |
MEDIUM
Network
|
bolt
|
bolt_cms
|
Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19933
|
2024-11-21 12:58 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247567
|
6.1 |
MEDIUM
Network
|
artica
|
integria_ims
|
Artica Integria IMS 5.0.83 has XSS via the search_string parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19828
|
2024-11-21 12:58 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247568
|
6.1 |
MEDIUM
Network
|
infovista
|
vistaportal
|
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via the ConnPoolName or GroupId parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19822
|
2024-11-21 12:58 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247569
|
6.1 |
MEDIUM
Network
|
infovista
|
vistaportal
|
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via the ConnPoolName parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19821
|
2024-11-21 12:58 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247570
|
6.1 |
MEDIUM
Network
|
infovista
|
vistaportal
|
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via the ConnPoolName parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19820
|
2024-11-21 12:58 |
2018-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|