|
249331
|
9.8 |
CRITICAL
Network
|
slack_archivebot_project
|
slack_archivebot
|
SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text paramete…
|
CWE-89
SQL Injection
|
CVE-2018-17232
|
2024-11-21 12:54 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249332
|
7.5 |
HIGH
Network
|
telegram
|
telegram_desktop
|
Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of ra…
|
CWE-617
Reachable Assertion
|
CVE-2018-17231
|
2024-11-21 12:54 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249333
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-17230
|
2024-11-21 12:54 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249334
|
6.5 |
MEDIUM
Network
|
exiv2
|
exiv2
|
Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-17229
|
2024-11-21 12:54 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249335
|
9.8 |
CRITICAL
Network
|
nmap4j_project
|
nmap4j
|
nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call.
|
CWE-78
OS Command
|
CVE-2018-17228
|
2024-11-21 12:54 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249336
|
8.8 |
HIGH
Network
|
linksys
|
velop_firmware
|
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered …
|
CWE-78
OS Command
|
CVE-2018-17208
|
2024-11-21 12:54 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249337
|
9.8 |
CRITICAL
Network
|
snapcreek
|
duplicator
|
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php duri…
|
CWE-94
Code Injection
|
CVE-2018-17207
|
2024-11-21 12:54 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249338
|
4.9 |
MEDIUM
Network
|
openvswitch redhat canonical debian
|
openvswitch openstack ubuntu_linux debian_linux
|
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-17206
|
2024-11-21 12:54 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249339
|
7.5 |
HIGH
Network
|
openvswitch redhat canonical
|
openvswitch openstack ubuntu_linux
|
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto …
|
CWE-617
Reachable Assertion
|
CVE-2018-17205
|
2024-11-21 12:54 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
249340
|
4.3 |
MEDIUM
Network
|
openvswitch redhat canonical debian
|
openvswitch openstack ubuntu_linux debian_linux
|
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and comman…
|
CWE-617
Reachable Assertion
|
CVE-2018-17204
|
2024-11-21 12:54 |
2018-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|