|
249241
|
6.5 |
MEDIUM
Network
|
gnome
redhat
|
libgxps
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
ansible_tower
|
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-10767
|
2024-11-21 12:42 |
2018-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249242
|
6.1 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parame…
|
CWE-79
Cross-site Scripting
|
CVE-2018-10228
|
2024-11-21 12:41 |
2021-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249243
|
7.5 |
HIGH
Network
|
pexip
|
pexip_infinity
|
Pexip Infinity before 18 allows remote Denial of Service (XML parsing).
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-10585
|
2024-11-21 12:41 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249244
|
7.5 |
HIGH
Network
|
pexip
|
pexip_infinity
|
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-10432
|
2024-11-21 12:41 |
2020-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249245
|
7.8 |
HIGH
Local
|
transmissionbt
debian
fedoraproject
|
transmission
debian_linux
fedora
|
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
|
CWE-416
Use After Free
|
CVE-2018-10756
|
2024-11-21 12:41 |
2020-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249246
|
6.1 |
MEDIUM
Network
|
yii2cmf_project
|
yii2cmf
|
yidashi yii2cmf 2.0 has XSS via the /search q parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10704
|
2024-11-21 12:41 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249247
|
8.8 |
HIGH
Network
|
jamf
|
jamf
|
Jamf Pro 10.x before 10.3.0 has Incorrect Access Control. Jamf Pro user accounts and groups with access to log in to Jamf Pro had full access to endpoints in the Universal API (UAPI), regardless of a…
|
NVD-CWE-noinfo
|
CVE-2018-10465
|
2024-11-21 12:41 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249248
|
9.8 |
CRITICAL
Network
|
open_tftp_server_project
|
open_tftp_server
|
Format string vulnerability in the logMess function in TFTP Server MT 1.65 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in …
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2018-10389
|
2024-11-21 12:41 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249249
|
9.8 |
CRITICAL
Network
|
open_tftp_server_project
|
open_tftp_server
|
Format string vulnerability in the logMess function in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or execute arbitrary code via format string sequences in …
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2018-10388
|
2024-11-21 12:41 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249250
|
9.8 |
CRITICAL
Network
|
open_tftp_server_project
|
open_tftp_server
|
Heap-based overflow vulnerability in TFTP Server SP 1.66 and earlier allows remote attackers to perform a denial of service or possibly execute arbitrary code via a long TFTP error packet, a differen…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-10387
|
2024-11-21 12:41 |
2019-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
