| 247431 | 7.5 | HIGH Network | coapthon_project | coapthon | The Serialize.deserialize() method in CoAPthon 3.1, 4.0.0, 4.0.1, and 4.0.2 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoA… | CWE-502 Deserialization of Untrusted Data | CVE-2018-12680 | 2024-11-21 12:45 | 2019-04-3 |
| 247432 | 7.5 | HIGH Network | coapthon3_project | coapthon3 | The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP… | CWE-502 Deserialization of Untrusted Data | CVE-2018-12679 | 2024-11-21 12:45 | 2019-04-3 |
| 247433 | 7.5 | HIGH Network | eclipse fedoraproject | jetty fedora | In Eclipse Jetty version 9.3.x and 9.4.x, the server is vulnerable to Denial of Service conditions if a remote client sends either large SETTINGs frames container containing many settings, or many sm… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2018-12545 | 2024-11-21 12:45 | 2019-03-28 |
| 247434 | 8.1 | HIGH Network | eclipse | mosquitto | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means… | CWE-287 Improper Authentication | CVE-2018-12551 | 2024-11-21 12:45 | 2019-03-28 |
| 247435 | 8.1 | HIGH Network | eclipse | mosquitto | When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use an ACL file, and that ACL file is empty, or contains only comments or blank lines, then Mosquitto will treat this as thoug… | NVD-CWE-noinfo | CVE-2018-12550 | 2024-11-21 12:45 | 2019-03-28 |
| 247436 | 6.5 | MEDIUM Network | eclipse | mosquitto | In Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2018-12546 | 2024-11-21 12:45 | 2019-03-28 |
| 247437 | 6.1 | MEDIUM Network | myadrenalin | adrenalin | A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter. | CWE-79 Cross-site Scripting | CVE-2018-12653 | 2024-11-21 12:45 | 2019-03-26 |
| 247438 | 6.1 | MEDIUM Network | myadrenalin | adrenalin | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response… | CWE-79 Cross-site Scripting | CVE-2018-12652 | 2024-11-21 12:45 | 2019-03-26 |
| 247439 | 6.1 | MEDIUM Network | bose | soundtouch | An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User… | CWE-79 Cross-site Scripting | CVE-2018-12638 | 2024-11-21 12:45 | 2019-03-22 |
| 247440 | 7.8 | HIGH Local | avast | free_antivirus | Avast Free Antivirus prior to 19.1.2360 stores user credentials in memory upon login, which allows local users to obtain sensitive information by dumping AvastUI.exe application memory and parsing th… | CWE-312 Cleartext Storage of Sensitive Information | CVE-2018-12572 | 2024-11-21 12:45 | 2019-03-22 |