|
246141
|
7.5 |
HIGH
Network
|
merge_project
|
merge
|
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a den…
|
CWE-20
Improper Input Validation
|
CVE-2018-16469
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
246142
|
5.4 |
MEDIUM
Network
|
loofah_project debian
|
loofah debian_linux
|
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16468
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
246143
|
5.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.
|
CWE-287
Improper Authentication
|
CVE-2018-16467
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
246144
|
8.1 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 leads to not accepting access restrictions by access tokens.
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2018-16466
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
246145
|
5.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load.
|
CWE-287
Improper Authentication
|
CVE-2018-16465
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
246146
|
5.7 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.
|
CWE-287
Improper Authentication
|
CVE-2018-16464
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
246147
|
3.1 |
LOW
Network
|
nextcloud
|
nextcloud_server
|
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.
|
CWE-384
Session Fixation
|
CVE-2018-16463
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
246148
|
10.0 |
CRITICAL
Network
|
apex-publish-static-files_project
|
apex-publish-static-files
|
A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 allows arbitrary shell command execution through a maliciously crafted argument.
|
CWE-78
OS Command
|
CVE-2018-16462
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
246149
|
9.8 |
CRITICAL
Network
|
libnmap_project
|
libnmap
|
A command injection vulnerability in the libnmap package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options.
|
CWE-78
OS Command
|
CVE-2018-16461
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
246150
|
6.1 |
MEDIUM
Network
|
telligent
|
community
|
Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x before 10.1.10.11792, and 10.2.x before 10.2.3.4725 has XSS via the Feed RSS widget.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16235
|
2024-11-21 12:52 |
2018-10-24 |
|
|
|