|
246871
|
6.1 |
MEDIUM
Network
|
mayan-edms
|
mayan_edms
|
An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16406
|
2024-11-21 12:52 |
2018-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246872
|
6.1 |
MEDIUM
Network
|
mayan-edms
|
mayan_edms
|
An issue was discovered in Mayan EDMS before 3.0.2. The Appearance app sets window.location directly, leading to XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16405
|
2024-11-21 12:52 |
2018-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246873
|
5.5 |
MEDIUM
Local
|
elfutils_project
|
elfutils
|
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-16403
|
2024-11-21 12:52 |
2018-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246874
|
9.8 |
CRITICAL
Network
|
elfutils_project
debian
redhat
opensuse
canonical
|
elfutils
debian_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
leap
ubuntu_linux
|
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress tw…
|
CWE-415
Double Free
|
CVE-2018-16402
|
2024-11-21 12:52 |
2018-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246875
|
7.5 |
HIGH
Network
|
twistlock
|
authz_broker
|
In Twistlock AuthZ Broker 0.1, regular expressions are mishandled, as demonstrated by containers/aa/pause?aaa=\/start to bypass a policy in which "docker start" is allowed but "docker pause" is not a…
|
NVD-CWE-noinfo
|
CVE-2018-16398
|
2024-11-21 12:52 |
2018-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246876
|
4.9 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-16397
|
2024-11-21 12:52 |
2018-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246877
|
6.8 |
MEDIUM
Physics
|
opensc_project
|
opensc
|
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to sup…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-16393
|
2024-11-21 12:52 |
2018-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246878
|
6.8 |
MEDIUM
Physics
|
opensc_project
|
opensc
|
Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-16392
|
2024-11-21 12:52 |
2018-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246879
|
6.8 |
MEDIUM
Physics
|
opensc_project
|
opensc
|
Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smart…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-16391
|
2024-11-21 12:52 |
2018-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246880
|
8.8 |
HIGH
Network
|
elefantcms
|
elefantcms
|
An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add.
|
CWE-352
Origin Validation Error
|
CVE-2018-16387
|
2024-11-21 12:52 |
2018-09-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
