|
248011
|
6.1 |
MEDIUM
Network
|
eng
|
knowage
|
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12355
|
2024-11-21 12:45 |
2018-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248012
|
8.8 |
HIGH
Network
|
knowage-suite
|
knowage
|
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request.
|
CWE-352
Origin Validation Error
|
CVE-2018-12354
|
2024-11-21 12:45 |
2018-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248013
|
6.1 |
MEDIUM
Network
|
knowage-suite
|
knowage
|
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12353
|
2024-11-21 12:45 |
2018-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248014
|
5.4 |
MEDIUM
Network
|
articlecms_project
|
articlecms
|
ArticleCMS through 2017-02-19 has XSS via an "add an article" action.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12339
|
2024-11-21 12:45 |
2018-06-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248015
|
4.3 |
MEDIUM
Network
|
apache
|
solr
|
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does …
|
CWE-863
Incorrect Authorization
|
CVE-2018-11802
|
2024-11-21 12:44 |
2020-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248016
|
7.8 |
HIGH
Local
|
qualcomm
|
apq8053_firmware
mdm9640_firmware
sda660_firmware
sdm636_firmware
sdm660_firmware
sdx20_firmware
|
Possible double free issue in WLAN due to lack of checking memory free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdr…
|
CWE-415
Double Free
|
CVE-2018-11838
|
2024-11-21 12:44 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248017
|
7.8 |
HIGH
Local
|
qualcomm
|
apq8009_firmware
apq8017_firmware
apq8053_firmware
apq8064_firmware
apq8096au_firmware
mdm9206_firmware
mdm9207c_firmware
mdm9607_firmware
mdm9640_firmware
mdm9650_firmware…
|
When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_process_bip, buffer overflow will happen in both cds_is_mmie_valid and qdf_nbuf_trim_tail in Snapdra…
|
CWE-120
Classic Buffer Overflow
|
CVE-2018-11980
|
2024-11-21 12:44 |
2019-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248018
|
6.7 |
MEDIUM
Local
|
apache
debian
|
spamassassin
debian_linux
|
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In additio…
|
CWE-78
OS Command
|
CVE-2018-11805
|
2024-11-21 12:44 |
2019-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248019
|
6.5 |
MEDIUM
Local
|
intel
debian
opensuse
fedoraproject
canonical
f5
redhat
oracle
|
core_i3-10110u_firmware
core_i3-10110y_firmware
core_i3-1005g1_firmware
core_i3-9300t_firmware
core_i3-9300_firmware
core_i3-9100_firmware
core_i3-9100t_firmware
core_i3-9350k_fi…
|
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host s…
|
CWE-20
Improper Input Validation
|
CVE-2018-12207
|
2024-11-21 12:44 |
2019-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248020
|
6.5 |
MEDIUM
Network
|
apache
|
subversion
|
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lea…
|
CWE-20
Improper Input Validation
|
CVE-2018-11782
|
2024-11-21 12:44 |
2019-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
