|
247331
|
6.5 |
MEDIUM
Local
|
debian
xen
|
debian_linux
xen
|
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain poi…
|
NVD-CWE-noinfo
|
CVE-2018-12891
|
2024-11-21 12:46 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247332
|
7.5 |
HIGH
Network
|
zzcms
|
zzcms
|
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. Thi…
|
CWE-20
Improper Input Validation
|
CVE-2018-13056
|
2024-11-21 12:46 |
2018-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247333
|
8.1 |
HIGH
Network
|
debian
linuxmint
|
debian_linux
cinnamon
|
An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_…
|
CWE-59
Link Following
|
CVE-2018-13054
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247334
|
3.3 |
LOW
Local
|
linux
canonical
debian
|
linux_kernel
ubuntu_linux
debian_linux
|
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-13053
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247335
|
9.8 |
CRITICAL
Network
|
zohocorp
|
manageengine_applications_manager
|
A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request.
|
CWE-89
SQL Injection
|
CVE-2018-13050
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247336
|
8.8 |
HIGH
Network
|
glpi-project
|
glpi
|
The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php.
|
CWE-89
SQL Injection
|
CVE-2018-13049
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247337
|
9.8 |
CRITICAL
Network
|
debian
canonical
|
devscripts
ubuntu_linux
|
scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing.
|
CWE-94
Code Injection
|
CVE-2018-13043
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247338
|
7.5 |
HIGH
Network
|
linktoken_project
|
linktoken
|
The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-13041
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247339
|
8.8 |
HIGH
Network
|
opendesa
|
opensid
|
OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI.
|
CWE-352
Origin Validation Error
|
CVE-2018-13040
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247340
|
6.1 |
MEDIUM
Network
|
opendesa
|
opensid
|
OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-13039
|
2024-11-21 12:46 |
2018-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
