|
247941
|
5.5 |
MEDIUM
Local
|
foxitsoftware
|
foxit_reader
|
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (Break instruction exception and application crash) via BMP data because of a ConvertToPDF_x86!Connect…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-19389
|
2024-11-21 12:57 |
2018-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247942
|
5.5 |
MEDIUM
Local
|
foxitsoftware
|
foxit_reader
|
FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read, access violation, and application crash) via TIFF data because of a ConvertToPDF_…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-19388
|
2024-11-21 12:57 |
2018-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247943
|
6.5 |
MEDIUM
Network
|
greencms
|
greencms
|
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to delete a log file via the index.php?m=admin&c=data&a=clear URI.
|
CWE-352
Origin Validation Error
|
CVE-2018-19376
|
2024-11-21 12:57 |
2018-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247944
|
9.8 |
CRITICAL
Network
|
portainer
|
portainer
|
Portainer through 1.19.2 provides an API endpoint (/api/users/admin/check) to verify that the admin user is already created. This API endpoint will return 404 if admin was not created and 204 if it w…
|
NVD-CWE-noinfo
|
CVE-2018-19367
|
2024-11-21 12:57 |
2018-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247945
|
5.3 |
MEDIUM
Network
|
google
|
monorail
|
Google Monorail before 2018-06-07 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with a crafted groupby…
|
CWE-352
Origin Validation Error
|
CVE-2018-19335
|
2024-11-21 12:57 |
2018-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247946
|
5.3 |
MEDIUM
Network
|
google
|
monorail
|
Google Monorail before 2018-05-04 has a Cross-Site Search (XS-Search) vulnerability because CSV downloads are affected by CSRF, and calculations of download times (for requests with an unsupported ax…
|
CWE-352
Origin Validation Error
|
CVE-2018-19334
|
2024-11-21 12:57 |
2018-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247947
|
9.8 |
CRITICAL
Network
|
prestashop mypresta
|
prestashop customer_files_upload
|
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-19355
|
2024-11-21 12:57 |
2018-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247948
|
7.8 |
HIGH
Local
|
gnome
|
gnome-keyring
|
GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One p…
|
NVD-CWE-noinfo
|
CVE-2018-19358
|
2024-11-21 12:57 |
2018-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247949
|
6.5 |
MEDIUM
Network
|
ansilove
|
libansilove
|
The ansilove_ansi function in loaders/ansi.c in libansilove 1.0.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-19353
|
2024-11-21 12:57 |
2018-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247950
|
6.1 |
MEDIUM
Network
|
jupyter
|
notebook
|
Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.
|
CWE-79
Cross-site Scripting
|
CVE-2018-19352
|
2024-11-21 12:57 |
2018-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|