| 246261 | 8.8 | HIGH Network | hsweb | hsweb | A CSRF issue was discovered in web/authorization/oauth2/controller/OAuth2ClientController.java in hsweb 3.0.4 because the state parameter in the request is not compared with the state parameter in th… | CWE-352 Origin Validation Error | CVE-2018-20595 | 2024-11-21 13:01 | 2018-12-31 |
| 246262 | 6.1 | MEDIUM Network | hsweb | hsweb | An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java. | CWE-79 Cross-site Scripting | CVE-2018-20594 | 2024-11-21 13:01 | 2018-12-31 |
| 246263 | 5.5 | MEDIUM Local | msweet fedoraproject | mini-xml fedora | In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c. | CWE-787 Out-of-bounds Write | CVE-2018-20593 | 2024-11-21 13:01 | 2018-12-31 |
| 246264 | 5.5 | MEDIUM Local | msweet fedoraproject | mini-xml fedora | In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted … | CWE-416 Use After Free | CVE-2018-20592 | 2024-11-21 13:01 | 2018-12-31 |
| 246265 | 6.5 | MEDIUM Network | libming | libming | A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstra… | CWE-125 Out-of-bounds Read | CVE-2018-20591 | 2024-11-21 13:01 | 2018-12-31 |
| 246266 | 4.8 | MEDIUM Network | generic_content_management_system_project | generic_content_management_system | Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. | CWE-79 Cross-site Scripting | CVE-2018-20590 | 2024-11-21 13:01 | 2018-12-31 |
| 246267 | 4.8 | MEDIUM Network | generic_content_management_system_project | generic_content_management_system | Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. | CWE-79 Cross-site Scripting | CVE-2018-20589 | 2024-11-21 13:01 | 2018-12-31 |
| 246268 | 6.5 | MEDIUM Network | otfcc_project | otfcc | lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read. | CWE-125 Out-of-bounds Read | CVE-2018-20588 | 2024-11-21 13:01 | 2018-12-30 |
| 246269 | 6.5 | MEDIUM Network | jasper_project debian oracle | jasper debian_linux outside_in_technology | JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. | NVD-CWE-noinfo | CVE-2018-20584 | 2024-11-21 13:01 | 2018-12-30 |
| 246270 | 6.1 | MEDIUM Network | thephpleague | commonmark | Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsaf… | CWE-79 Cross-site Scripting | CVE-2018-20583 | 2024-11-21 13:01 | 2018-12-30 |