|
248841
|
6.5 |
MEDIUM
Adjacent
|
radiothermostat
|
ct50_firmware ct80_firmware
|
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonst…
|
CWE-20
Improper Input Validation
|
CVE-2018-11315
|
2024-11-21 12:43 |
2018-05-20 |
|
248842
|
6.5 |
MEDIUM
Network
|
podofo_project
|
podofo
|
An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and appli…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-11256
|
2024-11-21 12:43 |
2018-05-19 |
|
248843
|
7.5 |
HIGH
Network
|
axiosys
|
bento4
|
The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by m…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2018-10790
|
2024-11-21 12:42 |
2021-08-25 |
|
248844
|
7.5 |
HIGH
Network
|
redhat
|
certification
|
redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XML…
|
CWE-400 CWE-776
Uncontrolled Resource Consumption XML Entity Expansion
|
CVE-2018-10868
|
2024-11-21 12:42 |
2021-05-27 |
|
248845
|
9.1 |
CRITICAL
Network
|
redhat
|
certification
|
Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2018-10867
|
2024-11-21 12:42 |
2021-05-27 |
|
248846
|
9.1 |
CRITICAL
Network
|
redhat
|
certification
|
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file w…
|
CWE-862
Missing Authorization
|
CVE-2018-10866
|
2024-11-21 12:42 |
2021-05-27 |
|
248847
|
7.5 |
HIGH
Network
|
redhat
|
certification
|
It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host acces…
|
CWE-862
Missing Authorization
|
CVE-2018-10865
|
2024-11-21 12:42 |
2021-05-27 |
|
248848
|
7.5 |
HIGH
Network
|
redhat
|
certification
|
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An u…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2018-10863
|
2024-11-21 12:42 |
2021-05-27 |
|
248849
|
7.5 |
HIGH
Network
|
k7computing
|
enterprise_security ultimate_security total_security antivrius
|
K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2018-11246
|
2024-11-21 12:42 |
2021-01-12 |
|
248850
|
7.8 |
HIGH
Local
|
k7computing
|
enterprise_security ultimate_security total_security antivrius
|
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11010
|
2024-11-21 12:42 |
2021-01-12 |
|