| ID | CVSS | Severity | Attack vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 247681 | 9.8 | CRITICAL | Network | jerryscript | jerryscript | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/… | CWE-125: Out-of-bounds Read | CVE-2018-11419 | 2024-11-21 12:43 | 2018-05-25 |
| 247682 | 9.8 | CRITICAL | Network | jerryscript | jerryscript | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in par… | CWE-125: Out-of-bounds Read | CVE-2018-11418 | 2024-11-21 12:43 | 2018-05-25 |
| 247683 | 8.8 | HIGH | Network | jpegoptim_project | jpegoptim | jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified… | CWE-415: Double Free | CVE-2018-11416 | 2024-11-21 12:43 | 2018-05-25 |
| 247684 | 6.1 | MEDIUM | Network | sap | internet_transaction_server | SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases o… | CWE-79: Cross-site Scripting | CVE-2018-11415 | 2024-11-21 12:43 | 2018-05-25 |
| 247685 | 8.8 | HIGH | Network | bearadmin_project | bearadmin | An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly. | CWE-89: SQL Injection | CVE-2018-11414 | 2024-11-21 12:43 | 2018-05-25 |
| 247686 | 6.5 | MEDIUM | Network | bearadmin_project | bearadmin | An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/d… | CWE-22: Path Traversal | CVE-2018-11413 | 2024-11-21 12:43 | 2018-05-25 |
| 247687 | 5.9 | MEDIUM | Network | linux, canonical | linux_kernel, ubuntu_linux | In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that sto… | CWE-416: Use After Free | CVE-2018-11412 | 2024-11-21 12:43 | 2018-05-25 |
| 247688 | 4.8 | MEDIUM | Network | clippercms | clippercms | Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTM… | CWE-79: Cross-site Scripting | CVE-2018-11332 | 2024-11-21 12:43 | 2018-05-25 |
| 247689 | 7.5 | HIGH | Network | dimoncoin | dimoncoin | The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) b… | CWE-20: Improper Input Validation | CVE-2018-11411 | 2024-11-21 12:43 | 2018-05-24 |
| 247690 | 9.8 | CRITICAL | Network | liblouis, canonical | liblouis, ubuntu_linux | An issue was discovered in Liblouis 3.5.0. An invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly… | CWE-416: Use After Free | CVE-2018-11410 | 2024-11-21 12:43 | 2018-05-24 |