|
249001
|
6.1 |
MEDIUM
Network
|
opentsdb
|
opentsdb
|
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12973
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249002
|
9.8 |
CRITICAL
Network
|
opentsdb
|
opentsdb
|
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input.
|
CWE-78
OS Command
|
CVE-2018-12972
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249003
|
6.5 |
MEDIUM
Network
|
easycms
|
easycms
|
EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users.
|
CWE-352
Origin Validation Error
|
CVE-2018-12971
|
2024-11-21 12:46 |
2018-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249004
|
7.5 |
HIGH
Network
|
gnu
|
binutils
|
remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2018-12934
|
2024-11-21 12:46 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249005
|
9.8 |
CRITICAL
Network
|
winehq
|
wine
|
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCre…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12933
|
2024-11-21 12:46 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249006
|
9.8 |
CRITICAL
Network
|
winehq
|
wine
|
PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBle…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12932
|
2024-11-21 12:46 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249007
|
7.8 |
HIGH
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possib…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12931
|
2024-11-21 12:46 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249008
|
7.8 |
HIGH
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or pani…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-12930
|
2024-11-21 12:46 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249009
|
5.5 |
MEDIUM
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via …
|
CWE-416
Use After Free
|
CVE-2018-12929
|
2024-11-21 12:46 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249010
|
5.5 |
MEDIUM
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-12928
|
2024-11-21 12:46 |
2018-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
