|
246781
|
9.8 |
CRITICAL
Network
|
mi
|
xiaomi_r3p_firmware
xiaomi_r3c_firmware
xiaomi_r3d_firmware
xiaomi_r3
|
OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execu…
|
CWE-78
OS Command
|
CVE-2018-14010
|
2024-11-21 12:48 |
2018-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246782
|
5.3 |
MEDIUM
Network
|
znc
debian
|
znc
debian_linux
|
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.
|
CWE-22
Path Traversal
|
CVE-2018-14056
|
2024-11-21 12:48 |
2018-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246783
|
6.5 |
MEDIUM
Network
|
znc
debian
|
znc
debian_linux
|
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
|
CWE-20
Improper Input Validation
|
CVE-2018-14055
|
2024-11-21 12:48 |
2018-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246784
|
9.8 |
CRITICAL
Network
|
techsmith
|
mp4v2
|
A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.
|
CWE-415
Double Free
|
CVE-2018-14054
|
2024-11-21 12:48 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246785
|
6.5 |
MEDIUM
Network
|
libwav_project
|
libwav
|
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c.
|
NVD-CWE-noinfo
|
CVE-2018-14052
|
2024-11-21 12:48 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246786
|
7.5 |
HIGH
Network
|
libwav_project
|
libwav
|
The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop.
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-14051
|
2024-11-21 12:48 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246787
|
6.5 |
MEDIUM
Network
|
libwav_project
|
libwav
|
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c.
|
NVD-CWE-noinfo
|
CVE-2018-14050
|
2024-11-21 12:48 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246788
|
6.5 |
MEDIUM
Network
|
libwav_project
|
libwav
|
An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c.
|
NVD-CWE-noinfo
|
CVE-2018-14049
|
2024-11-21 12:48 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246789
|
6.5 |
MEDIUM
Network
|
libpng
oracle
|
libpng
jdk
jre
|
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
|
NVD-CWE-noinfo
|
CVE-2018-14048
|
2024-11-21 12:48 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246790
|
5.5 |
MEDIUM
Local
|
pngwriter_project
|
pngwriter
|
An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NO…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-14047
|
2024-11-21 12:48 |
2018-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
