|
246721
|
8.8 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin Console is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading a user to visit …
|
CWE-352
Origin Validation Error
|
CVE-2018-1926
|
2024-11-21 13:00 |
2018-12-13 |
|
246722
|
8.8 |
HIGH
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to temporarily gain elevated privileges on the system, caused by incorrect cached value being used. IBM X-Force ID: 152530.
|
NVD-CWE-noinfo
|
CVE-2018-1901
|
2024-11-21 13:00 |
2018-12-13 |
|
246723
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-20099
|
2024-11-21 13:00 |
2018-12-12 |
|
246724
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-20098
|
2024-11-21 13:00 |
2018-12-12 |
|
246725
|
6.5 |
MEDIUM
Network
|
exiv2 debian fedoraproject redhat
|
exiv2 debian_linux fedora enterprise_linux_workstation enterprise_linux_server enterprise_linux_dekstop
|
There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-20097
|
2024-11-21 13:00 |
2018-12-12 |
|
246726
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf function of pngimage.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-20096
|
2024-11-21 13:00 |
2018-12-12 |
|
246727
|
6.5 |
MEDIUM
Network
|
axiosys
|
bento4
|
An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2018-20095
|
2024-11-21 13:00 |
2018-12-12 |
|
246728
|
7.5 |
HIGH
Network
|
xuxueli
|
xxl-conf
|
An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can download any configuration file, related to ConfController.java and PropUtil.…
|
CWE-22
Path Traversal
|
CVE-2018-20094
|
2024-11-21 13:00 |
2018-12-12 |
|
246729
|
7.5 |
HIGH
Network
|
doorgets
|
doorgets
|
doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content…
|
CWE-22
Path Traversal
|
CVE-2018-20064
|
2024-11-21 13:00 |
2018-12-12 |
|
246730
|
7.5 |
HIGH
Network
|
frappe
|
erpnext
|
A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web…
|
CWE-89
SQL Injection
|
CVE-2018-20061
|
2024-11-21 13:00 |
2018-12-12 |