|
245911
|
6.5 |
MEDIUM
Network
|
libpg_query_project
|
libpg_query
|
An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_query_parse.c, which might lead to a denial of service.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-18482
|
2024-11-21 12:56 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245912
|
6.5 |
MEDIUM
Network
|
libopencad_project
|
libopencad
|
A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadCHAR function in lib/dwg/io.cpp, resulting in an application crash.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-18481
|
2024-11-21 12:56 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245913
|
6.5 |
MEDIUM
Network
|
libopencad_project
|
libopencad
|
A heap-based buffer over-read exists in libopencad 0.2.0 in the ReadMCHAR function in lib/dwg/io.cpp, resulting in an application crash.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-18480
|
2024-11-21 12:56 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245914
|
6.1 |
MEDIUM
Network
|
librenms
|
librenms
|
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, rel…
|
CWE-79
Cross-site Scripting
|
CVE-2018-18478
|
2024-11-21 12:56 |
2018-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245915
|
9.8 |
CRITICAL
Network
|
abus
|
tvip_10000_firmware
tvip_10001_firmware
tvip_10005_firmware
tvip_10005a_firmware
tvip_10005b_firmware
tvip_10050_firmware
tvip_10051_firmware
tvip_10055a_firmware
tvip_10055b_…
|
An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.
|
CWE-78
OS Command
|
CVE-2018-17879
|
2024-11-21 12:55 |
2023-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245916
|
9.8 |
CRITICAL
Network
|
abus
|
tvip_10000_firmware
tvip_10001_firmware
tvip_10005_firmware
tvip_10005a_firmware
tvip_10005b_firmware
tvip_10050_firmware
tvip_10051_firmware
tvip_10055a_firmware
tvip_10055b_…
|
Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-17878
|
2024-11-21 12:55 |
2023-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245917
|
6.1 |
MEDIUM
Network
|
otrs
|
otrs
|
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent op…
|
CWE-79
Cross-site Scripting
|
CVE-2018-17883
|
2024-11-21 12:55 |
2023-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245918
|
9.8 |
CRITICAL
Network
|
dotpdn
|
paint.net
|
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-18447
|
2024-11-21 12:55 |
2022-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245919
|
9.8 |
CRITICAL
Network
|
dotpdn
|
paint.net
|
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-18446
|
2024-11-21 12:55 |
2022-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245920
|
8.8 |
HIGH
Network
|
poly
|
trio_8800_firmware
|
A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2018-17875
|
2024-11-21 12:55 |
2021-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
