| 246471 | 8.1 | HIGH Network | intelbras | nplug_firmware | Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. | CWE-287 Improper Authentication | CVE-2018-12455 | 2024-11-21 12:45 | 2018-10-11 |
| 246472 | 9.8 | CRITICAL Network | eclipse | vert.x | In versions from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the… | CWE-611 XXE | CVE-2018-12544 | 2024-11-21 12:45 | 2018-10-11 |
| 246473 | 9.8 | CRITICAL Network | eclipse | vert.x | In versions from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (… | CWE-22 Path Traversal | CVE-2018-12542 | 2024-11-21 12:45 | 2018-10-11 |
| 246474 | 6.5 | MEDIUM Network | eclipse | vert.x | In versions from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-12541 | 2024-11-21 12:45 | 2018-10-11 |
| 246475 | 9.8 | CRITICAL Network | tibco | spotfire_statistics_services | The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attack… | NVD-CWE-noinfo | CVE-2018-12410 | 2024-11-21 12:45 | 2018-10-11 |
| 246476 | 7.5 | HIGH Network | opensuse | open_build_service | An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions pri… | CWE-20 Improper Input Validation | CVE-2018-12479 | 2024-11-21 12:45 | 2018-10-9 |
| 246477 | 6.5 | MEDIUM Network | opensuse | open_build_service | An Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: sta… | CWE-20 Improper Input Validation | CVE-2018-12478 | 2024-11-21 12:45 | 2018-10-9 |
| 246478 | 7.5 | HIGH Network | opensuse | leap | An Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affect… | CWE-93 CRLF Injection | CVE-2018-12477 | 2024-11-21 12:45 | 2018-10-9 |
| 246479 | 9.8 | CRITICAL Network | opensuse | tar_scm | Improper input validation in obs-service-tar_scm of Open Build Service allows remote attackers to cause access and extract information outside the current build or cause the creation of file in attac… | CWE-20 Improper Input Validation | CVE-2018-12474 | 2024-11-21 12:45 | 2018-10-9 |
| 246480 | 9.1 | CRITICAL Network | suse | subscription_management_tool | An improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. | CWE-287 Improper Authentication | CVE-2018-12472 | 2024-11-21 12:45 | 2018-10-4 |