| 246701 | 9.8 | CRITICAL Network | gnu redhat oracle netapp | glibc enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization_host enterprise_communications_broker communications_session_border_controller … | stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit … | CWE-787 Out-of-bounds Write; CWE-190 Integer Overflow or Wraparound | CVE-2018-11236 | 2024-11-21 12:42 | 2018-05-19 |
| 246702 | 9.8 | CRITICAL Network | d-link | dir-550a_firmware dir-604m_firmware | On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can use a default TELNET account to get unauthorized access to vulnerable devices, aka a backdoor access vulnerability. | CWE-1188 Insecure Default Initialization of Resource | CVE-2018-10968 | 2024-11-21 12:42 | 2018-05-18 |
| 246703 | 8.8 | HIGH Network | d-link | dir-550a_firmware dir-604m_firmware | On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious user can forge an HTTP request to inject operating system commands that can be executed on the device with higher privileges, aka … | CWE-78 OS Command | CVE-2018-10967 | 2024-11-21 12:42 | 2018-05-18 |
| 246704 | 5.5 | MEDIUM Local | linux | linux_kernel | The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrect… | CWE-20 Improper Input Validation | CVE-2018-11232 | 2024-11-21 12:42 | 2018-05-18 |
| 246705 | 7.8 | HIGH Local | vcftools_project | vcftools | The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a craft… | CWE-416 Use After Free | CVE-2018-11130 | 2024-11-21 12:42 | 2018-05-18 |
| 246706 | 7.8 | HIGH Local | vcftools_project | vcftools | The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted… | CWE-416 Use After Free | CVE-2018-11129 | 2024-11-21 12:42 | 2018-05-18 |
| 246707 | 7.8 | HIGH Local | pdfparser | pdfparser | The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 PDFParser allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly execute arbitrary code via a… | CWE-787 Out-of-bounds Write | CVE-2018-11128 | 2024-11-21 12:42 | 2018-05-18 |
| 246708 | 6.1 | MEDIUM Network | signal | signal-desktop | Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply… | CWE-79 Cross-site Scripting | CVE-2018-11101 | 2024-11-21 12:42 | 2018-05-18 |
| 246709 | 5.5 | MEDIUM Local | vcftools_project | vcftools | The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted vcf file. | CWE-125 Out-of-bounds Read | CVE-2018-11099 | 2024-11-21 12:42 | 2018-05-18 |
| 246710 | 6.1 | MEDIUM Network | ilias | ilias | Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS. | CWE-79 Cross-site Scripting | CVE-2018-11120 | 2024-11-21 12:42 | 2018-05-17 |