| 247651 | 6.1 | MEDIUM Network | adiscon | loganalyzer | login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. | CWE-79 Cross-site Scripting | CVE-2018-19877 | 2024-11-21 12:58 | 2018-12-6 |
| 247652 | 6.5 | MEDIUM Network | cairographics | cairo | cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid… | CWE-416 Use After Free | CVE-2018-19876 | 2024-11-21 12:58 | 2018-12-6 |
| 247653 | 7.5 | HIGH Network | qt opensuse | qt leap | A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2018-19865 | 2024-11-21 12:58 | 2018-12-5 |
| 247654 | 9.8 | CRITICAL Network | nuuo | nvrmini2_firmware | NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds… | CWE-119 CWE-20 Incorrect Access of Indexable Resource ('Range Error') Improper Input Validation | CVE-2018-19864 | 2024-11-21 12:58 | 2018-12-5 |
| 247655 | 6.5 | MEDIUM Network | openrefine | openrefine | OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. | CWE-22 Path Traversal | CVE-2018-19859 | 2024-11-21 12:58 | 2018-12-5 |
| 247656 | 9.1 | CRITICAL Network | videolan debian | vlc_media_player debian_linux | The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast conv… | CWE-824 Access of Uninitialized Pointer | CVE-2018-19857 | 2024-11-21 12:58 | 2018-12-5 |
| 247657 | 8.1 | HIGH Network | hashicorp | vault | HashiCorp Vault before 1.0.0 writes the master key to the server log in certain unusual or misconfigured scenarios in which incorrect data comes from the autoseal mechanism without an error being rep… | CWE-532 Inclusion of Sensitive Information in Log Files | CVE-2018-19786 | 2024-11-21 12:58 | 2018-12-5 |
| 247658 | 4.7 | MEDIUM Local | linux canonical | linux_kernel ubuntu_linux | An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures tha… | CWE-200 Information Exposure | CVE-2018-19854 | 2024-11-21 12:58 | 2018-12-5 |
| 247659 | 7.5 | HIGH Network | gnu fedoraproject | glibc fedora | In the GNU C Library (aka glibc or libc6) through 2.28, attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related t… | CWE-20 Improper Input Validation | CVE-2018-19591 | 2024-11-21 12:58 | 2018-12-5 |
| 247660 | 8.8 | HIGH Network | hitshop_project | hitshop | An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekee… | CWE-269 Improper Privilege Management | CVE-2018-19853 | 2024-11-21 12:58 | 2018-12-4 |