|
246211
|
6.5 |
MEDIUM
Network
|
hdfgroup
|
hdf5
|
A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered …
|
CWE-125
Out-of-bounds Read
|
CVE-2018-17435
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246212
|
6.5 |
MEDIUM
Network
|
hdfgroup
|
hdf5
|
A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection…
|
CWE-369
Divide By Zero
|
CVE-2018-17434
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246213
|
6.5 |
MEDIUM
Network
|
hdfgroup
|
hdf5
|
A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered …
|
CWE-787
Out-of-bounds Write
|
CVE-2018-17433
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246214
|
6.5 |
MEDIUM
Network
|
hdfgroup
|
hdf5
|
A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-17432
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246215
|
5.3 |
MEDIUM
Network
|
sbi
|
sbi_buddy
|
The SBIbuddy (aka com.sbi.erupee) application 1.41 and 1.42 for Android might allow an attacker to sniff private information such as mobile number, PAN number (from a government-issued ID), and date …
|
CWE-200
Information Exposure
|
CVE-2018-17404
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246216
|
4.8 |
MEDIUM
Network
|
springboot_authority_project
|
springboot_authority
|
An issue was discovered in springboot_authority through 2017-03-06. There is stored XSS via the admin/role/edit roleKey, name, or description parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-17369
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246217
|
5.3 |
MEDIUM
Network
|
publiccms
|
publiccms
|
An issue was discovered in PublicCMS V4.0.180825. For an invalid login attempt, the response length is different depending on whether the username is valid, which makes it easier to conduct brute-for…
|
NVD-CWE-noinfo
|
CVE-2018-17368
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246218
|
7.8 |
HIGH
Local
|
tug
canonical
debian
|
tex_live
ubuntu_linux
debian_linux
|
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution wh…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-17407
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246219
|
8.8 |
HIGH
Network
|
phonepe
|
phonepe
|
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor s…
|
NVD-CWE-noinfo
|
CVE-2018-17403
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246220
|
5.3 |
MEDIUM
Network
|
phonepe
|
phonepe
|
The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendo…
|
CWE-200
Information Exposure
|
CVE-2018-17402
|
2024-11-21 12:54 |
2018-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
