|
246361
|
9.8 |
CRITICAL
Network
|
technicolor
|
tc7110.ar_firmware
|
Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP req…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2018-20438
|
2024-11-21 13:01 |
2018-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246362
|
7.5 |
HIGH
Network
|
mrbird
|
febs-shiro
|
An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename…
|
CWE-22
Path Traversal
|
CVE-2018-20437
|
2024-11-21 13:01 |
2018-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246363
|
8.1 |
HIGH
Network
|
telegram
|
web telegram
|
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sen…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2018-20436
|
2024-11-21 13:01 |
2018-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246364
|
8.8 |
HIGH
Network
|
foxitsoftware
|
quick_pdf_library
|
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref entries using the DAOpenFile or DAOpenFileReadOnly functions may res…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-20249
|
2024-11-21 13:01 |
2018-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246365
|
9.8 |
CRITICAL
Network
|
foxitsoftware
|
quick_pdf_library
|
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing invalid xref table pointers or invalid xref table data using the LoadFromFile, Lo…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-20248
|
2024-11-21 13:01 |
2018-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246366
|
7.8 |
HIGH
Local
|
foxitsoftware
|
quick_pdf_library
|
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFro…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-20247
|
2024-11-21 13:01 |
2018-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246367
|
9.8 |
CRITICAL
Network
|
mchange debian
|
c3p0 debian_linux
|
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
|
CWE-611
XXE
|
CVE-2018-20433
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246368
|
6.5 |
MEDIUM
Network
|
gnu debian
|
libextractor debian_linux
|
GNU Libextractor through 1.8 has a NULL Pointer Dereference vulnerability in the function process_metadata() in plugins/ole2_extractor.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-20431
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246369
|
6.5 |
MEDIUM
Network
|
gnu debian
|
libextractor debian_linux
|
GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-20430
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246370
|
8.8 |
HIGH
Network
|
libming
|
libming
|
libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-20429
|
2024-11-21 13:01 |
2018-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|