|
246751
|
7.5 |
HIGH
Network
|
openstack redhat
|
octavia openstack
|
In a default Red Hat OpenStack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are read…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2018-16856
|
2024-11-21 12:53 |
2019-03-27 |
|
|
|
|
246752
|
9.8 |
CRITICAL
Network
|
libreoffice
|
libreoffice
|
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could…
|
CWE-22
Path Traversal
|
CVE-2018-16858
|
2024-11-21 12:53 |
2019-03-26 |
|
|
|
|
246753
|
5.4 |
MEDIUM
Network
|
fedoraproject redhat
|
sssd enterprise_linux
|
A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to overly strict permission settings on the server side, SSSD will allow all authenticated users …
|
CWE-269
Improper Privilege Management
|
CVE-2018-16838
|
2024-11-21 12:53 |
2019-03-26 |
|
|
|
|
246754
|
5.4 |
MEDIUM
Network
|
printeron
|
printeron
|
PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" f…
|
CWE-79
Cross-site Scripting
|
CVE-2018-17167
|
2024-11-21 12:53 |
2019-03-22 |
|
|
|
|
246755
|
7.5 |
HIGH
Network
|
shellinabox_project
|
shellinabox
|
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force …
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-16789
|
2024-11-21 12:53 |
2019-03-22 |
|
|
|
|
246756
|
9.8 |
CRITICAL
Network
|
dolibarr
|
dolibarr
|
An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit.
|
CWE-89
SQL Injection
|
CVE-2018-16809
|
2024-11-21 12:53 |
2019-03-8 |
|
|
|
|
246757
|
6.1 |
MEDIUM
Network
|
dolibarr
|
dolibarr
|
An issue was discovered in Dolibarr through 7.0.0. There is Stored XSS in expensereport/card.php in the expense reports plugin via the comments parameter, or a public or private note.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16808
|
2024-11-21 12:53 |
2019-03-8 |
|
|
|
|
246758
|
6.1 |
MEDIUM
Network
|
ucms_project
|
ucms
|
An issue was discovered in UCMS 1.4.6. There is XSS in the title bar, as demonstrated by a do=list request.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16804
|
2024-11-21 12:53 |
2019-03-8 |
|
|
|
|
246759
|
7.5 |
HIGH
Network
|
haxx canonical debian netapp siemens oracle redhat f5
|
libcurl ubuntu_linux debian_linux clustered_data_ontap sinema_remote_connect_client http_server secure_global_desktop communications_operations_monitor enterprise_linux big…
|
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does…
|
CWE-125, CWE-190
Out-of-bounds Read; Integer Overflow or Wraparound
|
CVE-2018-16890
|
2024-11-21 12:53 |
2019-02-7 |
|
|
|
|
246760
|
7.0 |
HIGH
Local
|
linux canonical
|
linux_kernel ubuntu_linux
|
A flaw was found in the Linux kernel's handle_rx() function in the [vhost_net] driver. A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on …
|
CWE-787
Out-of-bounds Write
|
CVE-2018-16880
|
2024-11-21 12:53 |
2019-01-30 |
|
|
|