| 246311 | 8.1 | HIGH Network | ruby-lang canonical debian redhat | ruby ubuntu_linux debian_linux enterprise_linux | An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some f… | NVD-CWE-noinfo | CVE-2018-16396 | 2024-11-21 12:52 | 2018-11-17 |
| 246312 | 9.8 | CRITICAL Network | ruby-lang canonical debian redhat | ruby openssl ubuntu_linux debian_linux enterprise_linux | An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using =… | NVD-CWE-noinfo | CVE-2018-16395 | 2024-11-21 12:52 | 2018-11-17 |
| 246313 | 6.5 | MEDIUM Network | opendolphin | opendolphin | OpenDolphin 2.7.0 and earlier allows authenticated attackers to bypass authentication to create and/or delete other users' accounts via unspecified vectors. | NVD-CWE-noinfo | CVE-2018-16163 | 2024-11-21 12:52 | 2018-11-16 |
| 246314 | 8.8 | HIGH Network | opendolphin | opendolphin | OpenDolphin 2.7.0 and earlier allows authenticated attackers to obtain other users' credentials such as a user ID and/or its password via unspecified vectors. | NVD-CWE-noinfo | CVE-2018-16162 | 2024-11-21 12:52 | 2018-11-16 |
| 246315 | 8.8 | HIGH Network | opendolphin | opendolphin | OpenDolphin 2.7.0 and earlier allows authenticated users to gain administrative privileges and perform unintended operations. | NVD-CWE-noinfo | CVE-2018-16161 | 2024-11-21 12:52 | 2018-11-16 |
| 246316 | 7.8 | HIGH Local | ftsafe | securecore | SecureCore Standard Edition Version 2.x allows an attacker to bypass the product's authentication to log in to a Windows PC. | CWE-287 Improper Authentication | CVE-2018-16160 | 2024-11-21 12:52 | 2018-11-16 |
| 246317 | 7.5 | HIGH Network | rack_project | rack | There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use … | CWE-400 Uncontrolled Resource Consumption | CVE-2018-16470 | 2024-11-21 12:52 | 2018-11-14 |
| 246318 | 6.1 | MEDIUM Network | rack_project debian | rack debian_linux | There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the … | CWE-79 Cross-site Scripting | CVE-2018-16471 | 2024-11-21 12:52 | 2018-11-14 |
| 246319 | 5.9 | MEDIUM Network | axtls_project | axtls | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures w… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2018-16253 | 2024-11-21 12:52 | 2018-11-8 |
| 246320 | 5.9 | MEDIUM Network | axtls_project | axtls | In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatu… | CWE-347 Improper Verification of Cryptographic Signature | CVE-2018-16150 | 2024-11-21 12:52 | 2018-11-8 |