|
246401
|
7.5 |
HIGH
Network
|
wireshark debian
|
wireshark debian_linux
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-14343
|
2024-11-21 12:48 |
2018-07-19 |
|
|
|
|
246402
|
7.5 |
HIGH
Network
|
wireshark debian
|
wireshark debian_linux
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribut…
|
CWE-834
Excessive Iteration
|
CVE-2018-14342
|
2024-11-21 12:48 |
2018-07-19 |
|
|
|
|
246403
|
7.5 |
HIGH
Network
|
wireshark debian
|
wireshark debian_linux
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offse…
|
CWE-190, CWE-835
Integer Overflow or Wraparound; Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-14341
|
2024-11-21 12:48 |
2018-07-19 |
|
|
|
|
246404
|
7.5 |
HIGH
Network
|
wireshark debian
|
wireshark debian_linux
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avo…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14340
|
2024-11-21 12:48 |
2018-07-19 |
|
|
|
|
246405
|
7.5 |
HIGH
Network
|
wireshark debian
|
wireshark debian_linux
|
In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.
|
CWE-20, CWE-835
Improper Input Validation; Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-14339
|
2024-11-21 12:48 |
2018-07-19 |
|
|
|
|
246406
|
9.8 |
CRITICAL
Network
|
joyplus-cms_project
|
joyplus-cms
|
joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.
|
CWE-89
SQL Injection
|
CVE-2018-14389
|
2024-11-21 12:48 |
2018-07-19 |
|
|
|
|
246407
|
5.4 |
MEDIUM
Network
|
joyplus-cms_project
|
joyplus-cms
|
joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14388
|
2024-11-21 12:48 |
2018-07-19 |
|
|
|
|
246408
|
8.8 |
HIGH
Network
|
wondercms
|
wondercms
|
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authe…
|
CWE-384
Session Fixation
|
CVE-2018-14387
|
2024-11-21 12:48 |
2018-07-19 |
|
|
|
|
246409
|
9.8 |
CRITICAL
Network
|
gitlab
|
gitlab
|
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab pro…
|
CWE-22
Path Traversal
|
CVE-2018-14364
|
2024-11-21 12:48 |
2018-07-19 |
|
|
|
|
246410
|
5.4 |
MEDIUM
Network
|
freelancewebdesignerchennai
|
job_portal
|
PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14082
|
2024-11-21 12:48 |
2018-07-19 |
|
|
|