|
248531
|
8.1 |
HIGH
Network
|
linux redhat
|
linux_kernel enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server virtualization_host enterprise_linux_server_tus enterprise_linux_server_eus enterprise_…
|
In the Linux kernel through 4.19, a use-after-free can occur due to a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. This issue exists because of the 15fe076edea78…
|
CWE-362 CWE-416
Race Condition Use After Free
|
CVE-2018-18559
|
2024-11-21 12:56 |
2018-10-23 |
|
248532
|
8.8 |
HIGH
Network
|
libtiff debian canonical
|
libtiff debian_linux ubuntu_linux
|
LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7, 4.0.8 and 4.0.9 (with JBIG enabled) de…
|
CWE-787
Out-of-bounds Write
|
CVE-2018-18557
|
2024-11-21 12:56 |
2018-10-23 |
|
248533
|
6.1 |
MEDIUM
Network
|
leanote
|
leanote
|
Leanote 2.6.1 has XSS via the Blog Basic Setting title field, which is mishandled during rendering of the "likes" page.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18553
|
2024-11-21 12:56 |
2018-10-22 |
|
248534
|
8.8 |
HIGH
Network
|
serverscheck
|
serverscheck
|
ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user.
|
CWE-89
SQL Injection
|
CVE-2018-18550
|
2024-11-21 12:56 |
2018-10-22 |
|
248535
|
9.8 |
CRITICAL
Network
|
thinkphp
|
thinkphp
|
ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable.
|
CWE-89
SQL Injection
|
CVE-2018-18546
|
2024-11-21 12:56 |
2018-10-21 |
|
248536
|
6.1 |
MEDIUM
Network
|
fiyo
|
fiyo_cms
|
Fiyo CMS 2.0.7 has XSS via the dapur\apps\app_user\edit_user.php name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18545
|
2024-11-21 12:56 |
2018-10-21 |
|
248537
|
6.5 |
MEDIUM
Network
|
imagemagick graphicsmagick opensuse
|
imagemagick graphicsmagick leap
|
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-18544
|
2024-11-21 12:56 |
2018-10-21 |
|
248538
|
7.5 |
HIGH
Network
|
teeworlds debian
|
teeworlds debian_linux
|
In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP a…
|
CWE-20
Improper Input Validation
|
CVE-2018-18541
|
2024-11-21 12:56 |
2018-10-21 |
|
248539
|
6.1 |
MEDIUM
Network
|
teakki
|
teakki
|
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL.
|
CWE-79
Cross-site Scripting
|
CVE-2018-18540
|
2024-11-21 12:56 |
2018-10-21 |
|
248540
|
9.8 |
CRITICAL
Network
|
kaptcha_project
|
kaptcha
|
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for genera…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2018-18531
|
2024-11-21 12:56 |
2018-10-20 |