|
246291
|
8.1 |
HIGH
Network
|
amazon
|
amazon_web_services_freertos
freertos
|
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code…
|
NVD-CWE-noinfo
|
CVE-2018-16525
|
2024-11-21 12:52 |
2018-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246292
|
5.9 |
MEDIUM
Network
|
amazon
|
amazon_web_services_freertos
freertos
|
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of T…
|
CWE-200
Information Exposure
|
CVE-2018-16524
|
2024-11-21 12:52 |
2018-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246293
|
7.4 |
HIGH
Network
|
amazon
|
amazon_web_services_freertos
freertos
|
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.
|
CWE-369
Divide By Zero
|
CVE-2018-16523
|
2024-11-21 12:52 |
2018-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246294
|
8.1 |
HIGH
Network
|
amazon
|
amazon_web_services_freertos
|
Amazon Web Services (AWS) FreeRTOS through 1.3.1 has an uninitialized pointer free in SOCKETS_SetSockOpt.
|
CWE-824
Access of Uninitialized Pointer
|
CVE-2018-16522
|
2024-11-21 12:52 |
2018-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246295
|
5.3 |
MEDIUM
Network
|
simplehttpserver_project
|
simplehttpserver
|
A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root.
|
CWE-22
Path Traversal
|
CVE-2018-16478
|
2024-11-21 12:52 |
2018-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246296
|
6.5 |
MEDIUM
Network
|
rubyonrails
|
rails
|
A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in w…
|
NVD-CWE-noinfo
|
CVE-2018-16477
|
2024-11-21 12:52 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246297
|
7.5 |
HIGH
Network
|
rubyonrails
redhat
|
rails
cloudforms
|
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to inform…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-16476
|
2024-11-21 12:52 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246298
|
6.5 |
MEDIUM
Network
|
lenovo
|
xclarity_integrator
|
LXCI for VMware versions prior to 5.5 and LXCI for Microsoft System Center versions prior to 3.5, allow an authenticated user to write to any system file due to insufficient sanitization during the u…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-16097
|
2024-11-21 12:52 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246299
|
6.5 |
MEDIUM
Network
|
lenovo
|
xclarity_integrator
|
In versions prior to 5.5, LXCI for VMware allows an authenticated user to write to any system file due to insufficient sanitization during the upload of a backup file.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-16093
|
2024-11-21 12:52 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246300
|
8.8 |
HIGH
Network
|
mi
|
miwifi_os
|
System command injection in request_mitv in Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary system commands via the "payload" URL parameter.
|
CWE-78
OS Command
|
CVE-2018-16130
|
2024-11-21 12:52 |
2018-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
