|
246351
|
5.5 |
MEDIUM
Local
|
fedoraproject
|
sssd
|
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user di…
|
CWE-200
Information Exposure
|
CVE-2018-16883
|
2024-11-21 12:53 |
2018-12-19 |
|
246352
|
8.0 |
HIGH
Adjacent
|
linux redhat debian canonical
|
linux_kernel enterprise_linux enterprise_mrg debian_linux ubuntu_linux
|
A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-af…
|
-
|
CVE-2018-16884
|
2024-11-21 12:53 |
2018-12-19 |
|
246353
|
7.5 |
HIGH
Adjacent
|
swisscom
|
internet-box_standard_firmware internet-box_light_firmware internet-box_plus_firmware internet-box_2_firmware
|
A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows rem…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-16596
|
2024-11-21 12:53 |
2018-12-18 |
|
246354
|
7.5 |
HIGH
Network
|
golang opensuse
|
go leap
|
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs …
|
CWE-295
Improper Certificate Validation
|
CVE-2018-16875
|
2024-11-21 12:53 |
2018-12-14 |
|
246355
|
8.1 |
HIGH
Network
|
golang opensuse suse debian
|
go leap linux_enterprise_server backports_sle debian_linux
|
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both …
|
-
|
CVE-2018-16874
|
2024-11-21 12:53 |
2018-12-14 |
|
246356
|
8.1 |
HIGH
Network
|
golang opensuse suse debian
|
go leap linux_enterprise_server backports_sle debian_linux
|
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package th…
|
-
|
CVE-2018-16873
|
2024-11-21 12:53 |
2018-12-14 |
|
246357
|
5.3 |
MEDIUM
Network
|
qemu debian fedoraproject canonical opensuse
|
qemu debian_linux fedora ubuntu_linux leap
|
A flaw was found in qemu Media Transfer Protocol (MTP). The code opening files in usb_mtp_get_object and usb_mtp_get_partial_object and directories in usb_mtp_object_readdir doesn't consider that the…
|
-
|
CVE-2018-16872
|
2024-11-21 12:53 |
2018-12-14 |
|
246358
|
7.8 |
HIGH
Local
|
qemu fedoraproject canonical
|
qemu fedora ubuntu_linux
|
A flaw was found in qemu Media Transfer Protocol (MTP) before version 3.1.0. A path traversal in the usb_mtp_write_data function in hw/usb/dev-mtp.c due to an improper filename sanitization. When …
|
CWE-362
Race Condition
|
CVE-2018-16867
|
2024-11-21 12:53 |
2018-12-12 |
|
246359
|
6.5 |
MEDIUM
Network
|
nucleuscms
|
nucleus_cms
|
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16636
|
2024-11-21 12:53 |
2018-12-11 |
|
246360
|
5.4 |
MEDIUM
Network
|
blackcat-cms
|
blackcat_cms
|
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16635
|
2024-11-21 12:53 |
2018-12-11 |