|
252211
|
7.5 |
HIGH
Network
|
nghttp2 nodejs debian
|
nghttp2 node.js debian_linux
|
nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service…
|
CWE-20 CWE-476
Improper Input Validation NULL Pointer Dereference
|
CVE-2018-1000168
|
2024-11-21 12:39 |
2018-05-9 |
|
252212
|
4.8 |
MEDIUM
Network
|
imagely
|
nextgen_gallery
|
Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross Site Scripting (XSS) vulnerability in Image Alt & Title Text. This attack appears to be exploitable via a victim viewing the image …
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000172
|
2024-11-21 12:39 |
2018-05-1 |
|
252213
|
7.5 |
HIGH
Network
|
lightsaml
|
lightsaml
|
LightSAML version prior to 1.3.5 contains an Incorrect Access Control vulnerability in signature validation in readers in src/LightSaml/Model/XmlDSig/ that can result in impersonation of any user from…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000165
|
2024-11-21 12:39 |
2018-04-19 |
|
252214
|
7.5 |
HIGH
Network
|
gunicorn debian
|
gunicorn debian_linux
|
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an atta…
|
CWE-93
CRLF Injection
|
CVE-2018-1000164
|
2024-11-21 12:39 |
2018-04-19 |
|
252215
|
6.1 |
MEDIUM
Network
|
projectfloodlight
|
floodlight
|
Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in JavaScript injections into the web page. This attack appears to be exploit…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000163
|
2024-11-21 12:39 |
2018-04-19 |
|
252216
|
6.1 |
MEDIUM
Network
|
parsedown
|
parsedown
|
Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) vulnerability in `setMarkupEscaped` for escaping HTML that can result in JavaScript code execution. This attack appears to be ex…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000162
|
2024-11-21 12:39 |
2018-04-19 |
|
252217
|
5.7 |
MEDIUM
Network
|
nmap
|
nmap
|
nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is runn…
|
CWE-22
Path Traversal
|
CVE-2018-1000161
|
2024-11-21 12:39 |
2018-04-19 |
|
252218
|
6.1 |
MEDIUM
Network
|
risingstack
|
protect
|
RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in isXss() function in lib/rules/xss.js that can result in dangerous XSS strings being validated as s…
|
CWE-79
Cross-site Scripting
|
CVE-2018-1000160
|
2024-11-21 12:39 |
2018-04-19 |
|
252219
|
8.8 |
HIGH
Network
|
cmsmadesimple
|
cms_made_simple
|
cmsmadesimple version 2.2.7 contains an Incorrect Access Control vulnerability in the function of send_recovery_email in the line "$url = $config['admin_url'] . '/login.php?recoverme=' . $code;" that …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-1000158
|
2024-11-21 12:39 |
2018-04-19 |
|
252220
|
7.8 |
HIGH
Local
|
oisf
|
suricata-update
|
OISF suricata-update version 1.0.0a1 contains an Insecure Deserialization vulnerability in the insecure yaml.load-Function as used in the following files: config.py:136, config.py:142, sources.py:99 …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-1000167
|
2024-11-21 12:39 |
2018-04-19 |