|
247411
|
8.8 |
HIGH
Network
|
wordpress debian
|
wordpress debian_linux
|
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can de…
|
CWE-22
Path Traversal
|
CVE-2018-12895
|
2024-11-21 12:46 |
2018-06-27 |
|
247412
|
9.8 |
CRITICAL
Network
|
ccn-lite
|
ccn-lite
|
An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCN…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12889
|
2024-11-21 12:46 |
2018-06-26 |
|
247413
|
6.5 |
MEDIUM
Network
|
octopus
|
octopus_deploy
|
In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu.
|
CWE-269
Improper Privilege Management
|
CVE-2018-12884
|
2024-11-21 12:46 |
2018-06-26 |
|
247414
|
9.8 |
CRITICAL
Network
|
php canonical netapp
|
php ubuntu_linux storage_automation_store
|
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closi…
|
CWE-416
Use After Free
|
CVE-2018-12882
|
2024-11-21 12:46 |
2018-06-26 |
|
247415
|
5.4 |
MEDIUM
Network
|
opensuse
|
open_build_service
|
An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request agains…
|
-
|
CVE-2018-12475
|
2024-11-21 12:45 |
2020-09-1 |
|
247416
|
8.8 |
HIGH
Network
|
mozilla
|
firefox thunderbird firefox_esr
|
An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting i…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-12371
|
2024-11-21 12:45 |
2020-07-9 |
|
247417
|
7.5 |
HIGH
Network
|
suse
|
obs-service-tar_scm
|
Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the mach…
|
CWE-22
Path Traversal
|
CVE-2018-12476
|
2024-11-21 12:45 |
2020-01-27 |
|
247418
|
6.5 |
MEDIUM
Network
|
arista
|
cloudvision_portal
|
Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-12357
|
2024-11-21 12:45 |
2019-08-16 |
|
247419
|
8.8 |
HIGH
Network
|
eventum_project
|
eventum
|
An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.
|
CWE-352
Origin Validation Error
|
CVE-2018-12628
|
2024-11-21 12:45 |
2019-07-10 |
|
247420
|
6.1 |
MEDIUM
Network
|
eventum_project
|
eventum
|
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12627
|
2024-11-21 12:45 |
2019-07-10 |