|
246541
|
5.9 |
MEDIUM
Network
|
yarnpkg
|
website
|
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-12556
|
2024-11-21 12:45 |
2019-05-17 |
|
246542
|
5.9 |
MEDIUM
Network
|
mozilla
|
network_security_services
|
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher…
|
NVD-CWE-noinfo
|
CVE-2018-12404
|
2024-11-21 12:45 |
2019-05-3 |
|
246543
|
5.9 |
MEDIUM
Network
|
mozilla
|
network_security_services
|
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2018-12384
|
2024-11-21 12:45 |
2019-04-30 |
|
246544
|
7.5 |
HIGH
Network
|
coapthon_project
|
coapthon
|
The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoA…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-12680
|
2024-11-21 12:45 |
2019-04-3 |
|
246545
|
7.5 |
HIGH
Network
|
coapthon3_project
|
coapthon3
|
The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-12679
|
2024-11-21 12:45 |
2019-04-3 |
|
246546
|
7.5 |
HIGH
Network
|
eclipse fedoraproject
|
jetty fedora
|
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many sm…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2018-12545
|
2024-11-21 12:45 |
2019-03-28 |
|
246547
|
8.1 |
HIGH
Network
|
eclipse
|
mosquitto
|
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means…
|
CWE-287
Improper Authentication
|
CVE-2018-12551
|
2024-11-21 12:45 |
2019-03-28 |
|
246548
|
8.1 |
HIGH
Network
|
eclipse
|
mosquitto
|
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as thoug…
|
NVD-CWE-noinfo
|
CVE-2018-12550
|
2024-11-21 12:45 |
2019-03-28 |
|
246549
|
6.5 |
MEDIUM
Network
|
eclipse
|
mosquitto
|
In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12546
|
2024-11-21 12:45 |
2019-03-28 |
|
246550
|
6.1 |
MEDIUM
Network
|
myadrenalin
|
adrenalin
|
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12653
|
2024-11-21 12:45 |
2019-03-26 |
|