|
248011
|
8.8 |
HIGH
Network
|
quest
|
kace_system_management_appliance
|
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2018-11135
|
2024-11-21 12:42 |
2018-06-1 |
|
|
|
|
248012
|
8.8 |
HIGH
Network
|
quest
|
kace_system_management_appliance
|
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set …
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2018-11134
|
2024-11-21 12:42 |
2018-06-1 |
|
|
|
|
248013
|
6.1 |
MEDIUM
Network
|
quest
|
kace_system_management_appliance
|
The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting.
|
CWE-79
Cross-site Scripting
|
CVE-2018-11133
|
2024-11-21 12:42 |
2018-06-1 |
|
|
|
|
248014
|
8.8 |
HIGH
Network
|
quest
|
kace_system_management_appliance
|
In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a se…
|
CWE-78
OS Command
|
CVE-2018-11132
|
2024-11-21 12:42 |
2018-06-1 |
|
|
|
|
248015
|
8.8 |
HIGH
Network
|
bitmain
|
antminer_d3_firmware antminer_l3\+_firmware antminer_s9_firmware
|
Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function.
|
NVD-CWE-noinfo
|
CVE-2018-11220
|
2024-11-21 12:42 |
2018-06-1 |
|
|
|
|
248016
|
9.1 |
CRITICAL
Network
|
ruckuswireless
|
vsz_firmware scg-200_firmware sz-300_firmware sz-100_firmware
|
Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain …
|
CWE-200
Information Exposure
|
CVE-2018-11036
|
2024-11-21 12:42 |
2018-05-31 |
|
|
|
|
248017
|
6.1 |
MEDIUM
Network
|
zimbra synacor
|
zimbra_collaboration_suite
|
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10939
|
2024-11-21 12:42 |
2018-05-31 |
|
|
|
|
248018
|
5.3 |
MEDIUM
Network
|
schedmd debian
|
slurm debian_linux
|
SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).
|
CWE-20
Improper Input Validation
|
CVE-2018-10995
|
2024-11-21 12:42 |
2018-05-31 |
|
|
|
|
248019
|
7.5 |
HIGH
Network
|
canonical git-scm
|
ubuntu_linux git
|
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11233
|
2024-11-21 12:42 |
2018-05-30 |
|
|
|
|
248020
|
7.8 |
HIGH
Local
|
debian canonical redhat git-scm gitforwindows
|
debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux enterprise_linux_server enterprise_linux_server_eus git
|
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project…
|
CWE-22
Path Traversal
|
CVE-2018-11235
|
2024-11-21 12:42 |
2018-05-30 |
|
|
|