|
247311
|
6.1 |
MEDIUM
Network
|
eventum_project
|
eventum
|
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.
|
CWE-601
Open Redirect
|
CVE-2018-12621
|
2024-11-21 12:45 |
2019-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247312
|
6.1 |
MEDIUM
Network
|
digisol
|
dg-hr3400_firmware
|
DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12715
|
2024-11-21 12:45 |
2019-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247313
|
6.1 |
MEDIUM
Network
|
eventum_project
|
eventum
|
An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12624
|
2024-11-21 12:45 |
2019-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247314
|
5.9 |
MEDIUM
Network
|
yarnpkg
|
website
|
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-12556
|
2024-11-21 12:45 |
2019-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247315
|
5.9 |
MEDIUM
Network
|
mozilla
|
network_security_services
|
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher…
|
NVD-CWE-noinfo
|
CVE-2018-12404
|
2024-11-21 12:45 |
2019-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247316
|
5.9 |
MEDIUM
Network
|
mozilla
|
network_security_services
|
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv…
|
CWE-335
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
|
CVE-2018-12384
|
2024-11-21 12:45 |
2019-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247317
|
7.5 |
HIGH
Network
|
coapthon_project
|
coapthon
|
The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoA…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-12680
|
2024-11-21 12:45 |
2019-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247318
|
7.5 |
HIGH
Network
|
coapthon3_project
|
coapthon3
|
The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-12679
|
2024-11-21 12:45 |
2019-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247319
|
7.5 |
HIGH
Network
|
eclipse
fedoraproject
|
jetty
fedora
|
In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many sm…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2018-12545
|
2024-11-21 12:45 |
2019-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247320
|
8.1 |
HIGH
Network
|
eclipse
|
mosquitto
|
When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means…
|
CWE-287
Improper Authentication
|
CVE-2018-12551
|
2024-11-21 12:45 |
2019-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
