|
248981
|
6.5 |
MEDIUM
Network
|
yxcms
|
yxcms
|
An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts…
|
CWE-352
Origin Validation Error
|
CVE-2018-11003
|
2024-11-21 12:42 |
2018-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248982
|
6.5 |
MEDIUM
Network
|
exiv2
debian
canonical
|
exiv2
debian_linux
ubuntu_linux
|
An issue was discovered in Exiv2 0.26. The Exiv2::Internal::PngChunk::parseTXTChunk function has a heap-based buffer over-read.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-10999
|
2024-11-21 12:42 |
2018-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248983
|
6.5 |
MEDIUM
Network
|
exiv2
canonical
debian
redhat
|
exiv2
ubuntu_linux
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
|
An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call.
|
NVD-CWE-noinfo
|
CVE-2018-10998
|
2024-11-21 12:42 |
2018-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248984
|
9.8 |
CRITICAL
Network
|
d-link
|
dir-629-b_firmware
|
The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 devices allows attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a session.cgi?ACTION=logout requ…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10996
|
2024-11-21 12:42 |
2018-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248985
|
9.8 |
CRITICAL
Network
|
lilypond
|
lilypond
|
lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-inje…
|
CWE-88
Argument Injection
|
CVE-2018-10992
|
2024-11-21 12:42 |
2018-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248986
|
5.5 |
MEDIUM
Local
|
modbuspal_project
|
modbuspal
|
ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE inje…
|
CWE-611
XXE
|
CVE-2018-10832
|
2024-11-21 12:42 |
2018-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248987
|
8.8 |
HIGH
Local
|
xen
debian
|
xen
debian_linux
|
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (unexpectedly high interrupt number, array overrun, and hypervisor crash) or possibly gain h…
|
NVD-CWE-noinfo
|
CVE-2018-10982
|
2024-11-21 12:42 |
2018-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248988
|
6.5 |
MEDIUM
Local
|
debian
xen
|
debian_linux
xen
|
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service (host OS infinite loop) in situations where a QEMU device model attempts to make invalid tra…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-10981
|
2024-11-21 12:42 |
2018-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248989
|
7.5 |
HIGH
Network
|
koreashow_project
|
koreashow
|
An integer overflow in the transferMulti function of a smart contract implementation for KoreaShow, an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets …
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-10973
|
2024-11-21 12:42 |
2018-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248990
|
7.8 |
HIGH
Local
|
2345.cc
|
security_guard
|
In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating …
|
CWE-20
Improper Input Validation
|
CVE-2018-10977
|
2024-11-21 12:42 |
2018-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
