| 246291 | 6.5 | MEDIUM Network | libtiff debian canonical | libtiff debian_linux ubuntu_linux | A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called from TIFFWriteDirectoryTagTransferfunction) in LibTIFF 4.0.9 allows an attacker to cause a denial-of-service through a cra… | CWE-476 NULL Pointer Dereference | CVE-2018-17000 | 2024-11-21 12:53 | 2018-09-14 |
| 246292 | 5.5 | MEDIUM Local | nasm | netwide_assembler | Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. | CWE-787 Out-of-bounds Write | CVE-2018-16999 | 2024-11-21 12:53 | 2018-09-14 |
| 246293 | 8.8 | HIGH Network | hiscout | grc_suite | HiScout GRC Suite before 3.1.5 allows Unrestricted Upload of Files with Dangerous Types. | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2018-16796 | 2024-11-21 12:53 | 2018-09-14 |
| 246294 | 7.8 | HIGH Local | mgetty_project | mgetty | An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-16745 | 2024-11-21 12:53 | 2018-09-14 |
| 246295 | 7.8 | HIGH Local | mgetty_project | mgetty | An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because… | CWE-78 NVD-CWE-noinfo OS Command | CVE-2018-16744 | 2024-11-21 12:53 | 2018-09-14 |
| 246296 | 7.8 | HIGH Local | mgetty_project | mgetty | An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. | CWE-787 Out-of-bounds Write | CVE-2018-16743 | 2024-11-21 12:53 | 2018-09-14 |
| 246297 | 7.8 | HIGH Local | mgetty_project | mgetty | An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. | CWE-787 Out-of-bounds Write | CVE-2018-16742 | 2024-11-21 12:53 | 2018-09-14 |
| 246298 | 7.8 | HIGH Local | mgetty_project debian | mgetty debian_linux | An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use th… | CWE-78 OS Command | CVE-2018-16741 | 2024-11-21 12:53 | 2018-09-14 |
| 246299 | 7.2 | HIGH Network | squashtest | squash_tm | Squash TM through 1.18.0 presents the cleartext passwords of external services in the administration panel, as demonstrated by a ta-server-password field in the HTML source code. | CWE-522 Insufficiently Protected Credentials | CVE-2018-16987 | 2024-11-21 12:53 | 2018-09-14 |
| 246300 | 7.5 | HIGH Network | lizard_project | lizard | In Lizard (formerly LZ5) 2.0, use of an invalid memory address was discovered in LZ5_compress_continue in lz5_compress.c, related to LZ5_compress_fastSmall and MEM_read32. The vulnerability causes a … | CWE-125 Out-of-bounds Read | CVE-2018-16985 | 2024-11-21 12:53 | 2018-09-13 |