|
247591
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12605
|
2024-11-21 12:45 |
2018-08-4 |
|
|
|
|
247592
|
5.3 |
MEDIUM
Network
|
navercorp
|
whale
|
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious we…
|
CWE-20
Improper Input Validation
|
CVE-2018-12448
|
2024-11-21 12:45 |
2018-08-2 |
|
|
|
|
247593
|
7.2 |
HIGH
Network
|
microfocus
|
groupwise
|
A vulnerability in the administration console of Micro Focus GroupWise prior to version 18.0.2 may allow a remote attacker authenticated as an administrator to upload files to an arbitrary path on th…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-12468
|
2024-11-21 12:45 |
2018-08-2 |
|
|
|
|
247594
|
6.5 |
MEDIUM
Network
|
opensuse
|
open_build_service
|
Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12467
|
2024-11-21 12:45 |
2018-08-2 |
|
|
|
|
247595
|
6.5 |
MEDIUM
Network
|
opensuse
|
open_build_service
|
openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12466
|
2024-11-21 12:45 |
2018-08-2 |
|
|
|
|
247596
|
9.8 |
CRITICAL
Network
|
adobe
|
acrobat_dc acrobat_reader_dc
|
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arb…
|
CWE-416
Use After Free
|
CVE-2018-12815
|
2024-11-21 12:45 |
2018-07-21 |
|
|
|
|
247597
|
9.8 |
CRITICAL
Network
|
adobe
|
acrobat_dc acrobat_reader_dc
|
Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arb…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2018-12812
|
2024-11-21 12:45 |
2018-07-21 |
|
|
|
|
247598
|
7.5 |
HIGH
Network
|
adobe
|
experience_manager
|
Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-12809
|
2024-11-21 12:45 |
2018-07-21 |
|
|
|
|
247599
|
9.8 |
CRITICAL
Network
|
adobe
|
connect
|
Adobe Connect versions 9.7.5 and earlier have an Insecure Library Loading vulnerability. Successful exploitation could lead to privilege escalation.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2018-12805
|
2024-11-21 12:45 |
2018-07-21 |
|
|
|
|
247600
|
9.8 |
CRITICAL
Network
|
adobe
|
connect
|
Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking.
|
CWE-287
Improper Authentication
|
CVE-2018-12804
|
2024-11-21 12:45 |
2018-07-21 |
|
|
|