|
246191
|
7.5 |
HIGH
Network
|
rdesktop debian
|
rdesktop debian_linux
|
rdesktop versions up to and including v1.8.3 contains several Integer Signedness errors that lead to Out-Of-Bounds Reads in the file mcs.c and result in a Denial of Service (segfault).
|
CWE-125
Out-of-bounds Read
|
CVE-2018-20175
|
2024-11-21 13:01 |
2019-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246192
|
7.5 |
HIGH
Network
|
rdesktop
|
rdesktop
|
rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-20174
|
2024-11-21 13:01 |
2019-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246193
|
7.8 |
HIGH
Local
|
microvirt
|
memu
|
An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe service binary is vulnerable to local privilege escalation through binary planting due to insecure permissions set at install time…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-20621
|
2024-11-21 13:01 |
2019-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246194
|
5.9 |
MEDIUM
Network
|
botan_project
|
botan
|
A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of th…
|
CWE-320
Key Management Errors
|
CVE-2018-20187
|
2024-11-21 13:01 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246195
|
8.8 |
HIGH
Network
|
atlassian
|
sourcetree
|
There was an command injection vulnerability in Sourcetree for Windows from version 0.5a before version 3.0.10 via URI handling. A remote attacker could send a malicious URI to a victim using Sourcet…
|
CWE-77
Command Injection
|
CVE-2018-20236
|
2024-11-21 13:01 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246196
|
8.8 |
HIGH
Network
|
atlassian
|
sourcetree
|
There was an argument injection vulnerability in Atlassian Sourcetree for Windows from version 0.5a before version 3.0.15 via filenames in Mercurial repositories. A remote attacker with permission to…
|
NVD-CWE-noinfo
|
CVE-2018-20235
|
2024-11-21 13:01 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246197
|
8.8 |
HIGH
Network
|
atlassian
|
sourcetree
|
There was an argument injection vulnerability in Atlassian Sourcetree for macOS from version 1.2 before version 3.1.1 via filenames in Mercurial repositories. A remote attacker with permission to com…
|
CWE-88
Argument Injection
|
CVE-2018-20234
|
2024-11-21 13:01 |
2019-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246198
|
5.5 |
MEDIUM
Network
|
apache
|
airflow
|
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
|
CWE-79
Cross-site Scripting
|
CVE-2018-20244
|
2024-11-21 13:01 |
2019-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246199
|
5.4 |
MEDIUM
Network
|
atlassian
|
fisheye crucible
|
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerabil…
|
CWE-79
Cross-site Scripting
|
CVE-2018-20241
|
2024-11-21 13:01 |
2019-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246200
|
4.8 |
MEDIUM
Network
|
atlassian
|
fisheye crucible
|
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerab…
|
CWE-79
Cross-site Scripting
|
CVE-2018-20240
|
2024-11-21 13:01 |
2019-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|