| 246271 | 7.1 | HIGH Local | contiki-ng_project | contiki-ng | Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character. | CWE-787 Out-of-bounds Write | CVE-2018-20579 | 2024-11-21 13:01 | 2018-12-29 |
| 246272 | 7.5 | HIGH Network | nuttx | nuttx | An issue was discovered in NuttX before 7.27. The function netlib_parsehttpurl() in apps/netutils/netlib/netlib_parsehttpurl.c mishandles URLs longer than hostlen bytes (in the webclient, this is set… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2018-20578 | 2024-11-21 13:01 | 2018-12-29 |
| 246273 | 9.1 | CRITICAL Network | orange | arv7519rw22_livebox_2.1_firmware | Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin/setup_remote_mgmt.exe, cgi-bin/setup_pass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmwar… | CWE-352 Origin Validation Error | CVE-2018-20577 | 2024-11-21 13:01 | 2018-12-29 |
| 246274 | 5.4 | MEDIUM Network | orange | arv7519rw22_livebox_2.1_firmware | Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phone_test.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is relat… | CWE-352 Origin Validation Error | CVE-2018-20576 | 2024-11-21 13:01 | 2018-12-29 |
| 246275 | 7.5 | HIGH Network | orange | arv7519rw22_livebox_2.1_firmware | Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardw… | CWE-20 Improper Input Validation | CVE-2018-20575 | 2024-11-21 13:01 | 2018-12-29 |
| 246276 | 6.5 | MEDIUM Network | yaml-cpp_project | yaml-cpp | The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-20574 | 2024-11-21 13:01 | 2018-12-29 |
| 246277 | 6.5 | MEDIUM Network | yaml-cpp_project | yaml-cpp | The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-20573 | 2024-11-21 13:01 | 2018-12-29 |
| 246278 | 9.8 | CRITICAL Network | wuzhicms | wuzhicms | WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | CWE-89 SQL Injection | CVE-2018-20572 | 2024-11-21 13:01 | 2018-12-29 |
| 246279 | 7.5 | HIGH Network | damicms | damicms | DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global… | CWE-200 Information Exposure | CVE-2018-20571 | 2024-11-21 13:01 | 2018-12-29 |
| 246280 | 6.5 | MEDIUM Network | jasper_project debian | jasper debian_linux | jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read. | CWE-125 Out-of-bounds Read | CVE-2018-20570 | 2024-11-21 13:01 | 2018-12-29 |