|
247931
|
7.5 |
HIGH
Network
|
qemu canonical debian
|
qemu ubuntu_linux debian_linux
|
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fau…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-12617
|
2024-11-21 12:45 |
2018-06-22 |
|
247932
|
5.3 |
MEDIUM
Network
|
phusion
|
passenger
|
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12615
|
2024-11-21 12:45 |
2018-06-22 |
|
247933
|
9.8 |
CRITICAL
Network
|
telesquare
|
sdt-cs3b1_firmware sdt-cw3b1_firmware
|
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-12526
|
2024-11-21 12:45 |
2018-06-22 |
|
247934
|
7.5 |
HIGH
Network
|
njtech
|
greencms
|
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/year_month_day.log.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2018-12604
|
2024-11-21 12:45 |
2018-06-21 |
|
247935
|
9.8 |
CRITICAL
Network
|
sam2p_project debian
|
sam2p debian_linux
|
There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12601
|
2024-11-21 12:45 |
2018-06-21 |
|
247936
|
8.8 |
HIGH
Network
|
debian canonical imagemagick
|
debian_linux ubuntu_linux imagemagick
|
In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12600
|
2024-11-21 12:45 |
2018-06-21 |
|
247937
|
8.8 |
HIGH
Network
|
debian canonical imagemagick
|
debian_linux ubuntu_linux imagemagick
|
In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12599
|
2024-11-21 12:45 |
2018-06-21 |
|
247938
|
7.5 |
HIGH
Network
|
email\
|
\
|
The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that c…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2018-12558
|
2024-11-21 12:45 |
2018-06-20 |
|
247939
|
7.5 |
HIGH
Network
|
reliablecontrols
|
mach-prowebcom_firmware
|
Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated by the Master Pa…
|
CWE-200
Information Exposure
|
CVE-2018-12594
|
2024-11-21 12:45 |
2018-06-20 |
|
247940
|
7.5 |
HIGH
Network
|
polycom
|
realpresence_web_suite
|
Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option).…
|
CWE-200
Information Exposure
|
CVE-2018-12592
|
2024-11-21 12:45 |
2018-06-20 |