|
246561
|
9.8 |
CRITICAL
Network
|
plex
|
media_server
|
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vu…
|
CWE-611
XXE
|
CVE-2018-13415
|
2024-11-21 12:47 |
2018-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246562
|
6.1 |
MEDIUM
Network
|
atlassian
|
fisheye
crucible
|
Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue k…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13392
|
2024-11-21 12:47 |
2018-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246563
|
6.1 |
MEDIUM
Adjacent
|
atlassian
|
cloudtoken
|
Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles.
|
NVD-CWE-noinfo
|
CVE-2018-13390
|
2024-11-21 12:47 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246564
|
9.8 |
CRITICAL
Network
|
spirton
|
universal_media_server
|
In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use th…
|
CWE-611
XXE
|
CVE-2018-13416
|
2024-11-21 12:47 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246565
|
8.1 |
HIGH
Network
|
atlassian
|
sourcetree
|
There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree f…
|
CWE-88
Argument Injection
|
CVE-2018-13386
|
2024-11-21 12:47 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246566
|
9.8 |
CRITICAL
Network
|
atlassian
|
sourcetree
|
There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for…
|
CWE-88
Argument Injection
|
CVE-2018-13385
|
2024-11-21 12:47 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246567
|
6.1 |
MEDIUM
Network
|
atlassian
|
jira
jira_server
|
The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9…
|
CWE-79
Cross-site Scripting
|
CVE-2018-13387
|
2024-11-21 12:47 |
2018-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246568
|
5.5 |
MEDIUM
Local
|
nagios
|
nagios_core
|
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the …
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-13458
|
2024-11-21 12:47 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246569
|
5.5 |
MEDIUM
Local
|
nagios
|
nagios_core
|
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the …
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-13457
|
2024-11-21 12:47 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246570
|
5.5 |
MEDIUM
Local
|
nagios
|
nagios
|
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload …
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-13441
|
2024-11-21 12:47 |
2018-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
