|
247571
|
9.1 |
CRITICAL
Network
|
kone
|
group_controller_firmware
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03.
|
CWE-287
Improper Authentication
|
CVE-2018-15485
|
2024-11-21 12:50 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247572
|
9.8 |
CRITICAL
Network
|
kone
|
group_controller_firmware
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.
|
CWE-78
OS Command
|
CVE-2018-15484
|
2024-11-21 12:50 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247573
|
7.5 |
HIGH
Network
|
kone
|
group_controller_firmware
|
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04.
|
CWE-20
Improper Input Validation
|
CVE-2018-15483
|
2024-11-21 12:50 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247574
|
9.6 |
CRITICAL
Network
|
dokuwiki
|
dokuwiki
|
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to ex…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2018-15474
|
2024-11-21 12:50 |
2018-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247575
|
6.5 |
MEDIUM
Network
|
libesedb_project
|
libesedb
|
The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has di…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-15161
|
2024-11-21 12:50 |
2018-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247576
|
6.5 |
MEDIUM
Network
|
libesedb_project
|
libesedb
|
The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. …
|
CWE-125
Out-of-bounds Read
|
CVE-2018-15160
|
2024-11-21 12:50 |
2018-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247577
|
6.5 |
MEDIUM
Network
|
libesedb_project
|
libesedb
|
The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has di…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-15159
|
2024-11-21 12:50 |
2018-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247578
|
6.5 |
MEDIUM
Network
|
libesedb_project
|
libesedb
|
The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has …
|
CWE-125
Out-of-bounds Read
|
CVE-2018-15158
|
2024-11-21 12:50 |
2018-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247579
|
6.5 |
MEDIUM
Network
|
libfsclfs_project
|
libfsclfs
|
The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disp…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-15157
|
2024-11-21 12:50 |
2018-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247580
|
8.8 |
HIGH
Network
|
docker
|
docker
|
HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-15514
|
2024-11-21 12:50 |
2018-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
