| 246971 | 8.8 | HIGH | Network | pivotal_software | pivotal_cloud_cache | Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using thi… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2018-1198 | 2024-11-21 12:59 | 2018-09-18 |
| 246972 | 7.5 | HIGH | Network | apache | mesos | When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libproces… | CWE-20 Improper Input Validation | CVE-2018-1330 | 2024-11-21 12:59 | 2018-09-14 |
| 246973 | 8.1 | HIGH | Network | redhat | gluster_storage | Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens… | CWE-384 Session Fixation | CVE-2018-1127 | 2024-11-21 12:59 | 2018-09-12 |
| 246974 | 6.5 | MEDIUM | Network | redhat | virtualization_host virtualization undertow | It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak. | CWE-400 Uncontrolled Resource Consumption | CVE-2018-1114 | 2024-11-21 12:59 | 2018-09-12 |
| 246975 | 4.3 | MEDIUM | Network | fortinet | fortimanager | An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment to read the interface settings of vdoms unrelated to the assigned ad… | CWE-200 Information Exposure | CVE-2018-1353 | 2024-11-21 12:59 | 2018-09-5 |
| 246976 | 7.5 | HIGH | Network | apache debian | traffic_server debian_linux | Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects versions Apache Traffic Server (ATS) 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolv… | CWE-20 Improper Input Validation | CVE-2018-1318 | 2024-11-21 12:59 | 2018-08-29 |
| 246977 | 6.5 | MEDIUM | Network | mikrotik | routeros | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-1159 | 2024-11-21 12:59 | 2018-08-24 |
| 246978 | 6.5 | MEDIUM | Network | mikrotik | routeros | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. | CWE-674 Uncontrolled Recursion | CVE-2018-1158 | 2024-11-21 12:59 | 2018-08-24 |
| 246979 | 6.5 | MEDIUM | Network | mikrotik | routeros | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system v… | CWE-400 Uncontrolled Resource Consumption | CVE-2018-1157 | 2024-11-21 12:59 | 2018-08-24 |
| 246980 | 8.8 | HIGH | Network | mikrotik | routeros | Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker e… | CWE-787 Out-of-bounds Write | CVE-2018-1156 | 2024-11-21 12:59 | 2018-08-24 |