|
246271
|
4.4 |
MEDIUM
Network
|
samba
|
samba
|
Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer dereference. During the processing of a DNS zone in the DNS management DCE/RPC server, the internal DNS server or t…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-16852
|
2024-11-21 12:53 |
2018-11-28 |
|
246272
|
5.9 |
MEDIUM
Network
|
samba
|
samba
|
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba T…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-16853
|
2024-11-21 12:53 |
2018-11-28 |
|
246273
|
6.5 |
MEDIUM
Network
|
samba canonical debian
|
samba ubuntu_linux debian_linux
|
Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the cl…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-16851
|
2024-11-21 12:53 |
2018-11-28 |
|
246274
|
6.5 |
MEDIUM
Network
|
samba canonical debian
|
samba ubuntu_linux debian_linux
|
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 is vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() tw…
|
CWE-415
Double Free
|
CVE-2018-16841
|
2024-11-21 12:53 |
2018-11-28 |
|
246275
|
5.5 |
MEDIUM
Local
|
linux redhat canonical debian
|
linux_kernel enterprise_linux ubuntu_linux debian_linux
|
A security flaw was found in the way the Linux kernel's cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain le…
|
CWE-200
Information Exposure
|
CVE-2018-16862
|
2024-11-21 12:53 |
2018-11-27 |
|
246276
|
8.8 |
HIGH
Network
|
moodle
|
moodle
|
A flaw was found in Moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to prevent login cross-site request forgery. Fixed …
|
CWE-352
Origin Validation Error
|
CVE-2018-16854
|
2024-11-21 12:53 |
2018-11-27 |
|
246277
|
7.2 |
HIGH
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2018-16621
|
2024-11-21 12:53 |
2018-11-16 |
|
246278
|
7.5 |
HIGH
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
|
CWE-863
Incorrect Authorization
|
CVE-2018-16620
|
2024-11-21 12:53 |
2018-11-16 |
|
246279
|
6.1 |
MEDIUM
Network
|
sonatype
|
nexus_repository_manager
|
Sonatype Nexus Repository Manager before 3.14 allows XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16619
|
2024-11-21 12:53 |
2018-11-16 |
|
246280
|
9.8 |
CRITICAL
Network
|
postgresql redhat canonical
|
postgresql enterprise_linux ubuntu_linux
|
PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cau…
|
CWE-89
SQL Injection
|
CVE-2018-16850
|
2024-11-21 12:53 |
2018-11-14 |