|
249961
|
7.8 |
HIGH
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-12233
|
2024-11-21 12:44 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249962
|
5.9 |
MEDIUM
Network
|
linux
|
linux_kernel
|
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sock…
|
CWE-362
Race Condition
|
CVE-2018-12232
|
2024-11-21 12:44 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249963
|
6.1 |
MEDIUM
Network
|
sfu
|
open_journal_system
|
Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12229
|
2024-11-21 12:44 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249964
|
6.5 |
MEDIUM
Network
|
sangoma
|
asterisk
|
An issue was discovered in Asterisk Open Source 15.x before 15.4.1. When connected to Asterisk via TCP/TLS, if the client abruptly disconnects, or sends a specially crafted message, then Asterisk get…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-12228
|
2024-11-21 12:44 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249965
|
5.3 |
MEDIUM
Network
|
digium
debian
|
asterisk
certified_asterisk
debian_linux
|
An issue was discovered in Asterisk Open Source 13.x before 13.21.1, 14.x before 14.7.7, and 15.x before 15.4.1 and Certified Asterisk 13.18-cert before 13.18-cert4 and 13.21-cert before 13.21-cert2.…
|
CWE-200
Information Exposure
|
CVE-2018-12227
|
2024-11-21 12:44 |
2018-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249966
|
7.8 |
HIGH
Local
|
md4c_project
|
md4c
|
md_build_attribute in md4c.c in md4c 0.2.6 allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact via a crafted file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-12112
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249967
|
6.1 |
MEDIUM
Network
|
canon
|
efi_printme
|
Cross-site scripting (XSS) vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /wt3/mydocs.php URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12111
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249968
|
7.2 |
HIGH
Network
|
portfoliocms_project
|
portfoliocms
|
portfolioCMS 1.0.5 has SQL Injection via the admin/portfolio.php preview parameter.
|
CWE-89
SQL Injection
|
CVE-2018-12110
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249969
|
7.8 |
HIGH
Local
|
flif
|
flif
|
An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The TransformPaletteC<FileIO>::process function in transform/palette_C.hpp allows remote attackers to cause a denial of service (heap…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12109
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249970
|
5.5 |
MEDIUM
Local
|
dropbox
|
lepton
|
An issue was discovered in Dropbox Lepton 1.2.1. The validateAndCompress function in validation.cc allows remote attackers to cause a denial of service (SIGFPE and application crash) via a malformed …
|
CWE-20
Improper Input Validation
|
CVE-2018-12108
|
2024-11-21 12:44 |
2018-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
