|
248131
|
8.8 |
HIGH
Network
|
webkit
|
webkitgtk\+
|
WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.
|
CWE-416
Use After Free
|
CVE-2018-12294
|
2024-11-21 12:44 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248132
|
8.8 |
HIGH
Network
|
canonical
webkitgtk
wpewebkit
|
ubuntu_linux
webkitgtk\+
wpe_webkit
|
The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to versio…
|
CWE-787
CWE-190
Out-of-bounds Write
Integer Overflow or Wraparound
|
CVE-2018-12293
|
2024-11-21 12:44 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248133
|
5.5 |
MEDIUM
Local
|
liblnk_project
|
liblnk
|
The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file…
|
CWE-200
CWE-125
Information Exposure
Out-of-bounds Read
|
CVE-2018-12098
|
2024-11-21 12:44 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248134
|
5.5 |
MEDIUM
Local
|
liblnk_project
|
liblnk
|
The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-rea…
|
CWE-200
CWE-125
Information Exposure
Out-of-bounds Read
|
CVE-2018-12097
|
2024-11-21 12:44 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248135
|
5.5 |
MEDIUM
Local
|
liblnk_project
|
liblnk
|
The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via …
|
CWE-125
Out-of-bounds Read
|
CVE-2018-12096
|
2024-11-21 12:44 |
2018-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248136
|
6.1 |
MEDIUM
Network
|
airbnb
|
knowledge_repo
|
Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the pos…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12104
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248137
|
5.3 |
MEDIUM
Adjacent
|
eminent-online
|
em4544
|
An issue was discovered on Eminent EM4544 9.10 devices. The device does not require the user's current password to set a new one within the web interface. Therefore, it is possible to exploit this is…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12073
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248138
|
9.8 |
CRITICAL
Network
|
cloudmedia
|
popcorn_a-200_firmware
|
An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attac…
|
NVD-CWE-noinfo
|
CVE-2018-12072
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248139
|
9.8 |
CRITICAL
Network
|
codeigniter
|
codeigniter
|
A Session Fixation issue exists in CodeIgniter before 3.1.9 because session.use_strict_mode in the Session Library was mishandled.
|
CWE-384
Session Fixation
|
CVE-2018-12071
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248140
|
7.0 |
HIGH
Local
|
phusion
debian
|
passenger
debian_linux
|
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently st…
|
CWE-362
Race Condition
|
CVE-2018-12029
|
2024-11-21 12:44 |
2018-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
