|
249371
|
7.8 |
HIGH
Local
|
eclipse
oracle
|
openj9
enterprise_manager_base_platform
|
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, whic…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-12539
|
2024-11-21 12:45 |
2018-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249372
|
5.3 |
MEDIUM
Network
|
eclipse
|
vert.x
|
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfilte…
|
CWE-20
Improper Input Validation
|
CVE-2018-12537
|
2024-11-21 12:45 |
2018-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249373
|
6.1 |
MEDIUM
Network
|
german_spelling_dictionary_project
|
german_spelling_dictionary
|
A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may in…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12587
|
2024-11-21 12:45 |
2018-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249374
|
7.5 |
HIGH
Network
|
tibco
|
activematrix_businessworks
activematrix_businessworks_distribution_for_tibco_silver_fabric
|
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO…
|
CWE-611
XXE
|
CVE-2018-12408
|
2024-11-21 12:45 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249375
|
8.8 |
HIGH
Network
|
ocsinventory-ng
|
ocsinventory_ng
|
OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string …
|
CWE-78
OS Command
|
CVE-2018-12483
|
2024-11-21 12:45 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249376
|
8.8 |
HIGH
Network
|
ocsinventory-ng
|
ocsinventory_ng
|
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.
|
CWE-89
SQL Injection
|
CVE-2018-12482
|
2024-11-21 12:45 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249377
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The charts feature contained a persistent XSS issue due to a la…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12607
|
2024-11-21 12:45 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249378
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community Edition and Enterprise Edition before 10.7.6, 10.8.x before 10.8.5, and 11.x before 11.0.1. The wiki contains a persistent XSS issue due to a lack of outpu…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12606
|
2024-11-21 12:45 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249379
|
5.4 |
MEDIUM
Network
|
gitlab
|
gitlab
|
An issue was discovered in GitLab Community Edition and Enterprise Edition 10.7.x before 10.7.6. The usage of 'url_for' contained a XSS issue due to it allowing arbitrary protocols as a parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12605
|
2024-11-21 12:45 |
2018-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249380
|
5.3 |
MEDIUM
Network
|
navercorp
|
whale
|
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious we…
|
CWE-20
Improper Input Validation
|
CVE-2018-12448
|
2024-11-21 12:45 |
2018-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
