|
248471
|
5.5 |
MEDIUM
Local
|
gnu
redhat
|
binutils
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
|
process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-10372
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248472
|
4.8 |
MEDIUM
Network
|
wuzhicms
|
wuzhi_cms
|
An issue was discovered in WUZHI CMS 4.1.0. The "Extension Module -> System Announcement" feature has Stored XSS via an announcement.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10368
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248473
|
4.8 |
MEDIUM
Network
|
wuzhicms
|
wuzhi_cms
|
An issue was discovered in WUZHI CMS 4.1.0. The content-management feature has Stored XSS via the title or content section.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10367
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248474
|
6.1 |
MEDIUM
Network
|
user_project
|
user
|
An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10366
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248475
|
5.4 |
MEDIUM
Network
|
catapultthemes
|
cookie_consent
|
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HT…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10310
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248476
|
9.8 |
CRITICAL
Network
|
phpliteadmin
|
phpliteadmin
|
An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to …
|
CWE-287
Improper Authentication
|
CVE-2018-10362
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248477
|
7.8 |
HIGH
Local
|
kde
|
ktexteditor
|
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allo…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2018-10361
|
2024-11-21 12:41 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248478
|
6.1 |
MEDIUM
Network
|
phpipam
|
phpipam
|
app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10329
|
2024-11-21 12:41 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248479
|
7.4 |
HIGH
Adjacent
|
momentum
|
momentum_axel_720p_firmware
|
Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming for the appagent account, which allows remote attackers to view the RTSP video stream.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-10328
|
2024-11-21 12:41 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248480
|
5.5 |
MEDIUM
Local
|
linux
canonical
debian
|
linux_kernel
ubuntu_linux
debian_linux
|
The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a …
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-10323
|
2024-11-21 12:41 |
2018-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
