| ID | CVSS | Severity | Vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 246451 | 9.8 | CRITICAL | Network | wxjava_project | wxjava | An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. | CWE-611 (XXE) | CVE-2018-20318 | 2024-11-21 13:01 | 2018-12-21 |
| 246452 | 7.5 | HIGH | Network | qemu, canonical, fedoraproject | qemu, ubuntu_linux, fedora | hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). | CWE-476 (NULL Pointer Dereference) | CVE-2018-20191 | 2024-11-21 13:01 | 2018-12-21 |
| 246453 | 7.5 | HIGH | Network | qemu, canonical | qemu, ubuntu_linux | QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). | CWE-252 (Unchecked Return Value), CWE-835 (Loop with Unreachable Exit Condition ('Infinite Loop')) | CVE-2018-20216 | 2024-11-21 13:01 | 2018-12-21 |
| 246454 | 4.3 | MEDIUM | Network | pulsesecure | virtual_traffic_manager | Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission va… | CWE-200 (Information Exposure) | CVE-2018-20307 | 2024-11-21 13:01 | 2018-12-20 |
| 246455 | 5.4 | MEDIUM | Network | pulsesecure | virtual_traffic_manager | A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HT… | CWE-79 (Cross-site Scripting) | CVE-2018-20306 | 2024-11-21 13:01 | 2018-12-20 |
| 246456 | 6.5 | MEDIUM | Network | coherence_project | coherence | An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow us… | CWE-20 (Improper Input Validation) | CVE-2018-20301 | 2024-11-21 13:01 | 2018-12-20 |
| 246457 | 9.8 | CRITICAL | Network | d-link | dir-816_a2_firmware | D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lea… | CWE-787 (Out-of-bounds Write) | CVE-2018-20305 | 2024-11-21 13:01 | 2018-12-20 |
| 246458 | 6.5 | MEDIUM | Network | libexcel_project | libexcel | wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long second argument. NOTE: this is not a Microsoft product. | CWE-119 (Incorrect Access of Indexable Resource ('Range Error')) | CVE-2018-20304 | 2024-11-21 13:01 | 2018-12-20 |
| 246459 | 7.5 | HIGH | Network | gogs | gogs | In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CV… | CWE-22 (Path Traversal) | CVE-2018-20303 | 2024-11-21 13:01 | 2018-12-20 |
| 246460 | 6.1 | MEDIUM | Network | emetrotel | xain | An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter. | CWE-79 (Cross-site Scripting) | CVE-2018-20302 | 2024-11-21 13:01 | 2018-12-20 |