| 246641 | 8.8 | HIGH Network | auth0 | aspnet-owin aspnet | An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applicatio… | CWE-352 Origin Validation Error | CVE-2018-15121 | 2024-11-21 12:50 | 2018-08-29 |
| 246642 | 4.7 | MEDIUM Local | gearsoftware | gearaspiwdm | GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available ri… | CWE-362 Race Condition | CVE-2018-15499 | 2024-11-21 12:50 | 2018-08-25 |
| 246643 | 6.5 | MEDIUM Network | gnome canonical | pango ubuntu_linux | libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-15120 | 2024-11-21 12:50 | 2018-08-25 |
| 246644 | 8.8 | HIGH Network | ucopia | wireless_appliance_firmware | Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape … | CWE-78 OS Command | CVE-2018-15481 | 2024-11-21 12:50 | 2018-08-22 |
| 246645 | 7.5 | HIGH Network | embedthis juniper | appweb goahead junos | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus caus… | CWE-476 NULL Pointer Dereference | CVE-2018-15505 | 2024-11-21 12:50 | 2018-08-18 |
| 246646 | 7.5 | HIGH Network | embedthis juniper | appweb goahead junos | An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as… | CWE-476 NULL Pointer Dereference | CVE-2018-15504 | 2024-11-21 12:50 | 2018-08-18 |
| 246647 | 7.5 | HIGH Network | swoole | swoole | The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. | CWE-502 Deserialization of Untrusted Data | CVE-2018-15503 | 2024-11-21 12:50 | 2018-08-18 |
| 246648 | 7.5 | HIGH Network | debian libgit2 | debian_linux libgit2 | In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-boun… | CWE-125 Out-of-bounds Read | CVE-2018-15501 | 2024-11-21 12:50 | 2018-08-18 |
| 246649 | 7.5 | HIGH Network | tecrail | responsive_filemanager | /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/pa… | CWE-22 Path Traversal | CVE-2018-15495 | 2024-11-21 12:50 | 2018-08-18 |
| 246650 | 9.8 | CRITICAL Network | dojotoolkit debian | dojo debian_linux | In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. | CWE-116 Improper Encoding or Escaping of Output | CVE-2018-15494 | 2024-11-21 12:50 | 2018-08-18 |