|
246161
|
4.6 |
MEDIUM
Physics
|
yubico
|
smart_card_minidriver
piv_manager
piv_tool
|
An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw …
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14780
|
2024-11-21 12:49 |
2018-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246162
|
6.8 |
MEDIUM
Physics
|
yubico
|
smart_card_minidriver
piv_manager
piv_tool
|
A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: {% highlight c %} if(*out_le…
|
CWE-119
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Write
|
CVE-2018-14779
|
2024-11-21 12:49 |
2018-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246163
|
7.5 |
HIGH
Network
|
man-cgi_project
|
man-cgi
|
man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI.
|
CWE-22
Path Traversal
|
CVE-2018-14429
|
2024-11-21 12:49 |
2018-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246164
|
7.8 |
HIGH
Local
|
gnome
|
gnome_display_manager
|
The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially…
|
CWE-416
Use After Free
|
CVE-2018-14424
|
2024-11-21 12:49 |
2018-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246165
|
5.3 |
MEDIUM
Adjacent
|
medtronicdiabetes
|
508_minimed_insulin_pump_firmware
522_paradigm_real-time_firmware
722_paradigm_real-time_firmware
523_paradigm_revel_firmware
723_paradigm_revel_firmware
523k_paradigm_revel_firmware
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified ab…
|
CWE-287
Improper Authentication
|
CVE-2018-14781
|
2024-11-21 12:49 |
2018-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
246166
|
7.8 |
HIGH
Local
|
jetbrains
|
dotpeek
resharper_ultimate
|
JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-14878
|
2024-11-21 12:49 |
2018-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246167
|
5.4 |
MEDIUM
Network
|
tiki
|
tikiwiki_cms\/groupware
|
Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mo…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14850
|
2024-11-21 12:49 |
2018-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246168
|
5.4 |
MEDIUM
Network
|
tiki
|
tikiwiki_cms\/groupware
|
Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-14849
|
2024-11-21 12:49 |
2018-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246169
|
7.5 |
HIGH
Network
|
netcommwireless
|
nwl-25_firmware
|
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication.
|
CWE-200
Information Exposure
|
CVE-2018-14785
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246170
|
6.1 |
MEDIUM
Network
|
netcommwireless
|
nwl-25_firmware
|
NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2018-14784
|
2024-11-21 12:49 |
2018-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
