| 247861 | 5.4 | MEDIUM Network | grafana | grafana | Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in running arbitrary JS code in the victim's browser… | CWE-79 Cross-site Scripting | CVE-2018-1000816 | 2024-11-21 12:40 | 2018-12-21 |
| 247862 | 4.3 | MEDIUM Network | brave | brave | Brave Software Inc. Brave version 0.22.810 to 0.24.0 contains an Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result … | CWE-20 Improper Input Validation | CVE-2018-1000815 | 2024-11-21 12:40 | 2018-12-21 |
| 247863 | 7.5 | HIGH Network | asset_pipeline_project | asset-pipeline | Asset Pipeline Grails Plugin Asset-pipeline plugin version prior to 2.14.1.1, 2.15.1 and 3.0.6 contains an Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in D… | CWE-22 Path Traversal | CVE-2018-1000817 | 2024-11-21 12:40 | 2018-12-21 |
| 247864 | 6.5 | MEDIUM Network | aiohttp-session_project | aiohttp-session | aio-libs aiohttp-session version 2.6.0 and earlier contains an Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan.… | CWE-613 Insufficient Session Expiration | CVE-2018-1000814 | 2024-11-21 12:40 | 2018-12-21 |
| 247865 | 4.8 | MEDIUM Network | backdropcms | backdrop_cms | Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts that can result in Execution of JavaScrip… | CWE-79 Cross-site Scripting | CVE-2018-1000813 | 2024-11-21 12:40 | 2018-12-21 |
| 247866 | 8.1 | HIGH Network | artica | integria_ims | Artica Integria IMS version 5.0 MR56 Package 58, likely earlier versions contains a CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability in Password recovery process, line 4… | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2018-1000812 | 2024-11-21 12:40 | 2018-12-21 |
| 247867 | 8.8 | HIGH Network | bludit | bludit | bludit version 3.0.0 contains an Unrestricted Upload of File with Dangerous Type vulnerability in Content Upload in Pages Editor that can result in Remote Command Execution. This attack appears to be e… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-1000811 | 2024-11-21 12:40 | 2018-12-21 |
| 247868 | 9.8 | CRITICAL Network | paloaltonetworks | expedition | The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/applicati… | CWE-269 Improper Privilege Management | CVE-2018-10143 | 2024-11-21 12:40 | 2018-12-12 |
| 247869 | 8.8 | HIGH Network | jenkins redhat | pipeline\ openshift_container_platform | A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/… | CWE-269 Improper Privilege Management | CVE-2018-1000866 | 2024-11-21 12:40 | 2018-12-10 |
| 247870 | 8.8 | HIGH Network | jenkins redhat | script_security openshift_container_platform | A sandbox bypass vulnerability exists in Script Security Plugin 1.47 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java that allows attackers with Job/Conf… | CWE-269 Improper Privilege Management | CVE-2018-1000865 | 2024-11-21 12:40 | 2018-12-10 |