|
246511
|
9.8 |
CRITICAL
Network
|
pbc_project
|
pbc
|
In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-12916
|
2024-11-21 12:46 |
2018-06-28 |
|
|
|
|
246512
|
9.8 |
CRITICAL
Network
|
pbc_project
|
pbc
|
In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-12915
|
2024-11-21 12:46 |
2018-06-28 |
|
|
|
|
246513
|
9.8 |
CRITICAL
Network
|
publiccms
|
publiccms
|
A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12914
|
2024-11-21 12:46 |
2018-06-28 |
|
|
|
|
246514
|
7.5 |
HIGH
Network
|
miniz_project
|
miniz
|
In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-12913
|
2024-11-21 12:46 |
2018-06-28 |
|
|
|
|
246515
|
7.2 |
HIGH
Network
|
hongcms_project
|
hongcms
|
An issue was discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI.
|
CWE-89
SQL Injection
|
CVE-2018-12912
|
2024-11-21 12:46 |
2018-06-28 |
|
|
|
|
246516
|
7.5 |
HIGH
Network
|
webgrind_project
|
webgrind
|
Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the…
|
CWE-22
Path Traversal
|
CVE-2018-12909
|
2024-11-21 12:46 |
2018-06-28 |
|
|
|
|
246517
|
9.8 |
CRITICAL
Network
|
brynamics
|
brynamics
|
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstr…
|
CWE-200
Information Exposure
|
CVE-2018-12908
|
2024-11-21 12:46 |
2018-06-28 |
|
|
|
|
246518
|
7.5 |
HIGH
Network
|
rclone
|
rclone
|
In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no val…
|
CWE-200
Information Exposure
|
CVE-2018-12907
|
2024-11-21 12:46 |
2018-06-27 |
|
|
|
|
246519
|
6.1 |
MEDIUM
Network
|
joyplus-cms_project
|
joyplus-cms
|
joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12905
|
2024-11-21 12:46 |
2018-06-27 |
|
|
|
|
246520
|
4.9 |
MEDIUM
Local
|
linux canonical
|
linux_kernel ubuntu_linux
|
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial…
|
NVD-CWE-noinfo
|
CVE-2018-12904
|
2024-11-21 12:46 |
2018-06-27 |
|
|
|