|
246441
|
5.5 |
MEDIUM
Local
|
linux debian canonical
|
linux_kernel debian_linux ubuntu_linux
|
An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on i…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-12896
|
2024-11-21 12:46 |
2018-07-3 |
|
246442
|
6.5 |
MEDIUM
Local
|
xen debian
|
xen debian_linux
|
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least…
|
NVD-CWE-noinfo
|
CVE-2018-12893
|
2024-11-21 12:46 |
2018-07-3 |
|
246443
|
9.9 |
CRITICAL
Network
|
debian xen
|
debian_linux xen
|
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Maliciou…
|
CWE-200
Information Exposure
|
CVE-2018-12892
|
2024-11-21 12:46 |
2018-07-3 |
|
246444
|
6.5 |
MEDIUM
Local
|
debian xen
|
debian_linux xen
|
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain poi…
|
NVD-CWE-noinfo
|
CVE-2018-12891
|
2024-11-21 12:46 |
2018-07-3 |
|
246445
|
7.5 |
HIGH
Network
|
zzcms
|
zzcms
|
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. Thi…
|
CWE-20
Improper Input Validation
|
CVE-2018-13056
|
2024-11-21 12:46 |
2018-07-3 |
|
246446
|
8.1 |
HIGH
Network
|
debian linuxmint
|
debian_linux cinnamon
|
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_…
|
CWE-59
Link Following
|
CVE-2018-13054
|
2024-11-21 12:46 |
2018-07-2 |
|
246447
|
3.3 |
LOW
Local
|
linux canonical debian
|
linux_kernel ubuntu_linux debian_linux
|
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-13053
|
2024-11-21 12:46 |
2018-07-2 |
|
246448
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.
|
CWE-89
SQL Injection
|
CVE-2018-13050
|
2024-11-21 12:46 |
2018-07-2 |
|
246449
|
8.8 |
HIGH
Network
|
glpi-project
|
glpi
|
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.
|
CWE-89
SQL Injection
|
CVE-2018-13049
|
2024-11-21 12:46 |
2018-07-2 |
|
246450
|
9.8 |
CRITICAL
Network
|
debian canonical
|
devscripts ubuntu_linux
|
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.
|
CWE-94
Code Injection
|
CVE-2018-13043
|
2024-11-21 12:46 |
2018-07-2 |