|
248571
|
5.3 |
MEDIUM
Network
|
json-jwt_project
|
json-jwt
|
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attac…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-1000539
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248572
|
7.5 |
HIGH
Network
|
minio
|
minio
|
Minio Inc. Minio S3 server version prior to RELEASE.2018-05-16T23-35-33Z contains a Allocation of Memory Without Limits or Throttling (similar to CWE-774) vulnerability in write-to-RAM that can resul…
|
CWE-774
Allocation of File Descriptors or Handles Without Limits or Throttling
|
CVE-2018-1000538
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248573
|
9.8 |
CRITICAL
Network
|
marlinfw
|
marlin_firmware
|
Marlin Firmware Marlin version 1.1.x and earlier contains a Buffer Overflow vulnerability in cardreader.cpp (Depending on branch/version) that can result in Arbitrary code execution. This attack appe…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-1000537
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248574
|
6.1 |
MEDIUM
Network
|
getmedis
|
medis
|
Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creati…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000536
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248575
|
7.5 |
HIGH
Network
|
lms
|
lms
|
lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be …
|
CWE-200
Information Exposure
|
CVE-2018-1000535
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248576
|
6.1 |
MEDIUM
Network
|
joplin_project
|
joplin
|
Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Not…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000534
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248577
|
9.8 |
CRITICAL
Network
|
gitlist
|
gitlist
|
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This att…
|
CWE-20
Improper Input Validation
|
CVE-2018-1000533
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248578
|
4.7 |
MEDIUM
Local
|
beep_project
|
beep
|
beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by oth…
|
CWE-22
Path Traversal
|
CVE-2018-1000532
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248579
|
7.5 |
HIGH
Network
|
inversoft
|
prime-jwt
|
inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT…
|
CWE-20
Improper Input Validation
|
CVE-2018-1000531
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248580
|
6.1 |
MEDIUM
Network
|
grails
|
grails_fields
|
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8.
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000529
|
2024-11-21 12:40 |
2018-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
