|
248901
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-18023
|
2024-11-21 12:55 |
2018-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248902
|
3.3 |
LOW
Local
|
qpdf_project
|
qpdf
|
In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a …
|
CWE-674
Uncontrolled Recursion
|
CVE-2018-18020
|
2024-11-21 12:55 |
2018-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248903
|
7.1 |
HIGH
Local
|
linux debian canonical
|
linux_kernel debian_linux ubuntu_linux
|
arch/arm64/kvm/guest.c in KVM in the Linux kernel before 4.18.12 on the arm64 platform mishandles the KVM_SET_ON_REG ioctl. This is exploitable by attackers who can create virtual machines. An attack…
|
CWE-20
Improper Input Validation
|
CVE-2018-18021
|
2024-11-21 12:55 |
2018-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248904
|
6.5 |
MEDIUM
Network
|
imagemagick
|
imagemagick
|
ImageMagick 7.0.7-28 has a memory leak vulnerability in WritePCXImage in coders/pcx.c.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-18016
|
2024-11-21 12:55 |
2018-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248905
|
8.8 |
HIGH
Network
|
razorcms
|
razorcms
|
rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password of an admin user.
|
CWE-352
Origin Validation Error
|
CVE-2018-17986
|
2024-11-21 12:55 |
2018-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248906
|
5.5 |
MEDIUM
Local
|
gnu
|
binutils
|
An issue was discovered in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a stack consumption problem caused by the cplus_demangle_type function making recursive calls …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-17985
|
2024-11-21 12:55 |
2018-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248907
|
7.8 |
HIGH
Local
|
ispconfig
|
ispconfig
|
An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have loc…
|
CWE-185
Incorrect Regular Expression
|
CVE-2018-17984
|
2024-11-21 12:55 |
2018-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248908
|
9.1 |
CRITICAL
Network
|
mercurial
|
mercurial
|
cext/manifest.c in Mercurial before 4.7.2 has an out-of-bounds read during parsing of a malformed manifest entry.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-17983
|
2024-11-21 12:55 |
2018-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248909
|
3.7 |
LOW
Network
|
carestream
|
carestream_vue_ris
|
Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users…
|
CWE-200
Information Exposure
|
CVE-2018-17891
|
2024-11-21 12:55 |
2018-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248910
|
5.4 |
MEDIUM
Network
|
naviwebs
|
navigate_cms
|
Navigate CMS 2.8 has Stored XSS via a navigate_upload.php (aka File Upload) request with a multipart/form-data JavaScript payload.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17849
|
2024-11-21 12:55 |
2018-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|