|
246551
|
8.1 |
HIGH
Network
|
exiv2
|
exiv2
|
samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14338
|
2024-11-21 12:48 |
2018-07-17 |
|
246552
|
7.5 |
HIGH
Network
|
lightbend
|
play_framework
|
A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download …
|
CWE-22
Path Traversal
|
CVE-2018-13864
|
2024-11-21 12:48 |
2018-07-17 |
|
246553
|
7.5 |
HIGH
Network
|
mruby debian
|
mruby debian_linux
|
The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-14337
|
2024-11-21 12:48 |
2018-07-17 |
|
246554
|
9.8 |
CRITICAL
Network
|
joyplus-cms_project
|
joyplus-cms
|
manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of cont…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-14334
|
2024-11-21 12:48 |
2018-07-17 |
|
246555
|
8.1 |
HIGH
Network
|
teamviewer
|
teamviewer
|
TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88]" and "[00 00 00]" delimiters, which might make it easier for attackers to obtain …
|
CWE-200
Information Exposure
|
CVE-2018-14333
|
2024-11-21 12:48 |
2018-07-17 |
|
246556
|
8.8 |
HIGH
Network
|
xiaocms
|
xiaocms_x1
|
An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.
|
CWE-352
Origin Validation Error
|
CVE-2018-14331
|
2024-11-21 12:48 |
2018-07-17 |
|
246557
|
4.7 |
MEDIUM
Local
|
htslib
|
htslib
|
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.
|
CWE-362, CWE-59
Race Condition, Link Following
|
CVE-2018-14329
|
2024-11-21 12:48 |
2018-07-17 |
|
246558
|
4.8 |
MEDIUM
Network
|
techotronic
|
all_in_one_favicon
|
Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2018-13832
|
2024-11-21 12:48 |
2018-07-17 |
|
246559
|
8.8 |
HIGH
Network
|
techsmith
|
mp4v2
|
In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-14326
|
2024-11-21 12:48 |
2018-07-17 |
|
246560
|
8.8 |
HIGH
Network
|
techsmith
|
mp4v2
|
In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2018-14325
|
2024-11-21 12:48 |
2018-07-17 |
|