| 246551 | 6.8 | MEDIUM Physics | apollotechnologiesinc | momentum_axel_720p_firmware | An issue was discovered on Momentum Axel 720P 5.1.8 devices. Custom Firmware Upgrade is possible via an SD Card. With physical access, an attacker can upgrade the firmware in under 60 seconds by inse… | NVD-CWE-noinfo | CVE-2018-12258 | 2024-11-21 12:44 | 2018-06-13 |
| 246552 | 4.4 | MEDIUM Local | apollotechnologiesinc | momentum_axel_720p_firmware | An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade f… | CWE-295 Improper Certificate Validation | CVE-2018-12257 | 2024-11-21 12:44 | 2018-06-13 |
| 246553 | 8.8 | HIGH Network | harmistechnology | ek_rishta | router.php in the Harmis Ek rishta (aka ek-rishta) 2.10 component for Joomla! allows SQL Injection via the PATH_INFO to a home/requested_user/Sent%20interest/ URI. | CWE-89 SQL Injection | CVE-2018-12254 | 2024-11-21 12:44 | 2018-06-13 |
| 246554 | 7.5 | HIGH Network | mruby debian | mruby debian_linux | An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because "class BasicObject" is not properly supported in class.c. | CWE-476 NULL Pointer Dereference | CVE-2018-12249 | 2024-11-21 12:44 | 2018-06-12 |
| 246555 | 7.5 | HIGH Network | mruby | mruby | An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to… | CWE-125 Out-of-bounds Read | CVE-2018-12248 | 2024-11-21 12:44 | 2018-06-12 |
| 246556 | 7.5 | HIGH Network | mruby | mruby | An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class, related to certain .clone usage, because mrb_obj_clone in kernel.c copies flags other than the MRB_FLAG_IS_FR… | CWE-476 NULL Pointer Dereference | CVE-2018-12247 | 2024-11-21 12:44 | 2018-06-12 |
| 246557 | 7.8 | HIGH Local | linux canonical | linux_kernel ubuntu_linux | In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on t… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-12233 | 2024-11-21 12:44 | 2018-06-12 |
| 246558 | 5.9 | MEDIUM Network | linux | linux_kernel | In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sock… | CWE-362 Race Condition | CVE-2018-12232 | 2024-11-21 12:44 | 2018-06-12 |
| 246559 | 6.1 | MEDIUM Network | sfu | open_journal_system | Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/… | CWE-79 Cross-site Scripting | CVE-2018-12229 | 2024-11-21 12:44 | 2018-06-12 |
| 246560 | 6.5 | MEDIUM Network | sangoma | asterisk | An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk get… | CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop') | CVE-2018-12228 | 2024-11-21 12:44 | 2018-06-12 |