| 246011 | 8.8 | HIGH Network | dlink | dir-822_firmware dir-822-us_firmware dir-850l_firmware dir-880l_firmware | D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentic… | NVD-CWE-noinfo | CVE-2018-20674 | 2024-11-21 13:01 | 2019-01-9 |
| 246012 | 5.5 | MEDIUM Local | gnu | binutils | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argumen… | CWE-787 (Out-of-bounds Write), CWE-190 (Integer Overflow or Wraparound) | CVE-2018-20673 | 2024-11-21 13:01 | 2019-01-5 |
| 246013 | 5.5 | MEDIUM Local | gnu | binutils | load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size. | CWE-787 (Out-of-bounds Write), CWE-190 (Integer Overflow or Wraparound) | CVE-2018-20671 | 2024-11-21 13:01 | 2019-01-5 |
| 246014 | 9.8 | CRITICAL Network | zohocorp | manageengine_adselfservice_plus | Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | CWE-611 (XXE) | CVE-2018-20664 | 2024-11-21 13:01 | 2019-01-4 |
| 246015 | 5.4 | MEDIUM Network | haulmont | cuba_platform reporting | The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field. | CWE-79 (Cross-site Scripting) | CVE-2018-20663 | 2024-11-21 13:01 | 2019-01-4 |
| 246016 | 9.8 | CRITICAL Network | cdatatec | epon_cpe-wifi_devices_firmware | EPON CPE-WiFi devices 2.0.4-X000 are vulnerable to escalation of privileges by sending cooLogin=1, cooUser=admin, and timestamp=-1 cookies. | CWE-565 (Reliance on Cookies without Validation and Integrity Checking) | CVE-2018-20512 | 2024-11-21 13:01 | 2019-01-4 |
| 246017 | 6.1 | MEDIUM Network | chinamobile | gpn2.4p21-c-cn_firmware | ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter. | CWE-79 (Cross-site Scripting) | CVE-2018-20326 | 2024-11-21 13:01 | 2019-01-3 |
| 246018 | 7.8 | HIGH Local | exiftool_project | exiftool | ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this… | CWE-427 (Uncontrolled Search Path Element) | CVE-2018-20211 | 2024-11-21 13:01 | 2019-01-3 |
| 246019 | 6.5 | MEDIUM Network | freedesktop debian fedoraproject canonical redhat | poppler debian_linux fedora ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux enterprise_linux_eus enterprise_linu… | In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by craft… | CWE-20 (Improper Input Validation) | CVE-2018-20662 | 2024-11-21 13:01 | 2019-01-3 |
| 246020 | 6.5 | MEDIUM Network | axiosys | bento4 | An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core… | CWE-770 (Allocation of Resources Without Limits or Throttling) | CVE-2018-20659 | 2024-11-21 13:01 | 2019-01-3 |