| 246061 | 8.1 | HIGH | Network | kernel | linux-pam | An incorrect variable in a SUSE-specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). | NVD-CWE-noinfo | CVE-2018-17953 | 2024-11-21 12:55 | 2018-11-27 |
| 246062 | 7.8 | HIGH | Local | denx | u-boot | DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-18440 | 2024-11-21 12:55 | 2018-11-21 |
| 246063 | 9.8 | CRITICAL | Network | denx | u-boot | DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel imag… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-18439 | 2024-11-21 12:55 | 2018-11-21 |
| 246064 | 6.1 | MEDIUM | Network | microfocus | access_manager | An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | CWE-601 Open Redirect | CVE-2018-17948 | 2024-11-21 12:55 | 2018-11-21 |
| 246065 | 8.8 | HIGH | Adjacent | philips | intellispace_pacs isite_pacs | Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to comp… | CWE-306 Missing Authentication for Critical Function; CWE-1188 Insecure Default Initialization of Resource | CVE-2018-17906 | 2024-11-21 12:55 | 2018-11-20 |
| 246066 | 6.1 | MEDIUM | Network | ckeditor | ckeditor | CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste. | CWE-79 Cross-site Scripting | CVE-2018-17960 | 2024-11-21 12:55 | 2018-11-15 |
| 246067 | 7.8 | HIGH | Local | omron | cx-supervisor | A type confusion vulnerability exists when processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, which may allow an attacker to execute code in the context of the application. | CWE-704 Incorrect Type Conversion or Cast | CVE-2018-17913 | 2024-11-21 12:55 | 2018-11-6 |
| 246068 | 7.8 | HIGH | Local | omron | cx-supervisor | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under th… | CWE-416 Use After Free | CVE-2018-17909 | 2024-11-21 12:55 | 2018-11-6 |
| 246069 | 3.3 | LOW | Local | omron | cx-supervisor | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. | CWE-200 Information Exposure | CVE-2018-17907 | 2024-11-21 12:55 | 2018-11-6 |
| 246070 | 7.8 | HIGH | Local | omron | cx-supervisor | When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with a specific byte, memory corruption may occur within a specific object. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-17905 | 2024-11-21 12:55 | 2018-11-6 |