|
247471
|
7.8 |
HIGH
Local
|
qualcomm
|
mdm9206_firmware
mdm9607_firmware
mdm9650_firmware
msm8909w_firmware
msm8996au_firmware
sd_210_firmware
sd_212_firmware
sd_205_firmware
sd_425_firmware
sd_450_firmware
s…
|
In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD …
|
CWE-416
Use After Free
|
CVE-2018-11258
|
2024-11-21 12:43 |
2018-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247472
|
7.5 |
HIGH
Network
|
atlant
|
atlant
|
ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-11429
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247473
|
7.5 |
HIGH
Network
|
genesis_vision
|
gvtoken
|
GVToken Genesis Vision (GVT) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-11335
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247474
|
8.8 |
HIGH
Network
|
dialogic
|
powermedia_xms
|
SQL injection vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to execute arbitrary SQL commands via the filterPattern parameter.
|
CWE-89
SQL Injection
|
CVE-2018-11643
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247475
|
7.8 |
HIGH
Local
|
dialogic
|
powermedia_xms
|
Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-11642
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247476
|
9.8 |
CRITICAL
Network
|
dialogic
|
powermedia_xms
|
Use of Hard-coded Credentials in /var/www/xms/application/controllers/gatherLogs.php in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to interact with a we…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-11641
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247477
|
9.1 |
CRITICAL
Network
|
dialogic
|
powermedia_xms
|
XML External Entity (XXE) vulnerability in the web service in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers to read arbitrary files or cause a denial of service (resource consumption…
|
CWE-611
XXE
|
CVE-2018-11640
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247478
|
8.1 |
HIGH
Network
|
dialogic
|
powermedia_xms
|
Plaintext Storage of Passwords within Cookies in /var/www/xms/application/controllers/verifyLogin.php in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows remote attackers t…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-11639
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247479
|
7.2 |
HIGH
Network
|
dialogic
|
powermedia_xms
|
Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to …
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-11638
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247480
|
7.5 |
HIGH
Network
|
dialogic
|
powermedia_xms
|
Information leakage vulnerability in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote attackers to read arbitrary files from the /var/ directory because a symlink exist…
|
CWE-59
Link Following
|
CVE-2018-11637
|
2024-11-21 12:43 |
2018-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
