|
252071
|
8.8 |
HIGH
Network
|
gegl
|
gegl
|
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violatio…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10114
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252072
|
7.5 |
HIGH
Network
|
gegl
|
generic_graphics_library
|
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocat…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10113
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252073
|
8.8 |
HIGH
Network
|
gegl
|
gegl
|
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access v…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10112
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252074
|
7.5 |
HIGH
Network
|
gegl
|
gegl
|
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allo…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-10111
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252075
|
4.8 |
MEDIUM
Network
|
monstra
|
monstra
|
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10109
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252076
|
6.1 |
MEDIUM
Network
|
dlink
|
dir-815_firmware
|
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the Treturn parameter to /htdocs/webinc/js/bsc_sms_inbox.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10108
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252077
|
6.1 |
MEDIUM
Network
|
dlink
|
dir-815_firmware
|
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have XSS in the RESULT parameter to /htdocs/webinc/js/info.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10107
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252078
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-815_firmware
|
D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.ph…
|
CWE-200
Information Exposure
|
CVE-2018-10106
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252079
|
6.1 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.
|
CWE-79
Cross-site Scripting
|
CVE-2018-10102
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252080
|
6.1 |
MEDIUM
Network
|
wordpress
debian
|
wordpress
debian_linux
|
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
|
CWE-601
Open Redirect
|
CVE-2018-10101
|
2024-11-21 12:40 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
