|
249321
|
5.4 |
MEDIUM
Network
|
chevereto
|
chevereto
|
Chevereto Free before 1.0.13 has XSS.
|
CWE-79
Cross-site Scripting
|
CVE-2018-12030
|
2024-11-21 12:44 |
2018-06-16 |
|
249322
|
8.8 |
HIGH
Network
|
maccms
|
maccms
|
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
|
CWE-352
Origin Validation Error
|
CVE-2018-12114
|
2024-11-21 12:44 |
2018-06-15 |
|
249323
|
6.4 |
MEDIUM
Physical
|
dropbox
|
dropbox
|
An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean…
|
CWE-287
Improper Authentication
|
CVE-2018-12271
|
2024-11-21 12:44 |
2018-06-14 |
|
249324
|
7.5 |
HIGH
Network
|
enigmail
|
enigmail
|
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote …
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-12019
|
2024-11-21 12:44 |
2018-06-14 |
|
249325
|
6.1 |
MEDIUM
Network
|
sensiolabs
|
symfony
|
Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _pro…
|
CWE-79
Cross-site Scripting
|
CVE-2018-12040
|
2024-11-21 12:44 |
2018-06-14 |
|
249326
|
6.8 |
MEDIUM
Physical
|
apollotechnologiesinc
|
momentum_axel_720p_firmware momentum_axel_720p
|
An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at t…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2018-12323
|
2024-11-21 12:44 |
2018-06-14 |
|
249327
|
5.5 |
MEDIUM
Local
|
radare
|
radare2
|
There is a heap out of bounds read in radare2 2.6.0 in _6502_op() in libr/anal/p/anal_6502.c via a crafted iNES ROM binary file.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-12322
|
2024-11-21 12:44 |
2018-06-14 |
|
249328
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
There is a heap out of bounds read in radare2 2.6.0 in java_switch_op() in libr/anal/p/anal_java.c via a crafted Java binary file.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-12321
|
2024-11-21 12:44 |
2018-06-14 |
|
249329
|
7.8 |
HIGH
Local
|
radare
|
radare2
|
There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file.
|
CWE-416
Use After Free
|
CVE-2018-12320
|
2024-11-21 12:44 |
2018-06-14 |
|
249330
|
8.2 |
HIGH
Local
|
qemu canonical redhat debian
|
qemu ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_eus openstack enterprise_linux_server_tus enterprise_linux_ser…
|
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-11806
|
2024-11-21 12:44 |
2018-06-14 |