|
246251
|
8.8 |
HIGH
Network
|
axiosys
|
bento4
|
An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14586
|
2024-11-21 12:49 |
2018-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246252
|
8.8 |
HIGH
Network
|
axiosys
|
bento4
|
An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14585
|
2024-11-21 12:49 |
2018-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246253
|
8.8 |
HIGH
Network
|
axiosys
|
bento4
|
An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14584
|
2024-11-21 12:49 |
2018-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246254
|
8.8 |
HIGH
Network
|
xyhcms
|
xyhcms
|
xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.
|
CWE-352
Origin Validation Error
|
CVE-2018-14583
|
2024-11-21 12:49 |
2018-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246255
|
8.8 |
HIGH
Network
|
bagesoft
|
bagecms
|
index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.
|
CWE-352
Origin Validation Error
|
CVE-2018-14582
|
2024-11-21 12:49 |
2018-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246256
|
9.8 |
CRITICAL
Network
|
golemcms_project
|
golemcms
|
GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Informatio…
|
CWE-94
Code Injection
|
CVE-2018-14579
|
2024-11-21 12:49 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246257
|
5.5 |
MEDIUM
Local
|
trms
|
tightrope_media_carousel_digital_signage
|
A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary fil…
|
CWE-22
Path Traversal
|
CVE-2018-14573
|
2024-11-21 12:49 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246258
|
8.8 |
HIGH
Network
|
niushop
|
b2b2c_multi-business
|
A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profil…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-14570
|
2024-11-21 12:49 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246259
|
7.5 |
HIGH
Network
|
suricata-ids
|
suricata
|
Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortl…
|
NVD-CWE-noinfo
|
CVE-2018-14568
|
2024-11-21 12:49 |
2018-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246260
|
9.8 |
CRITICAL
Network
|
thunlp
|
thulac
|
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A heap-based buffer over-read can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-14565
|
2024-11-21 12:49 |
2018-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
