| 249411 | 9.8 | CRITICAL Network | cimtechniques | cimscan | In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. | CWE-89 SQL Injection | CVE-2018-16803 | 2024-11-21 12:53 | 2019-01-11 |
| 249412 | 9.8 | CRITICAL Network | freebsd | freebsd | In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious att… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2018-17161 | 2024-11-21 12:53 | 2019-01-4 |
| 249413 | 5.5 | MEDIUM Local | linux redhat | linux_kernel enterprise_linux_server | A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length which causes the read beyond the buffer boundar… | - | CVE-2018-16885 | 2024-11-21 12:53 | 2019-01-4 |
| 249414 | 8.8 | HIGH Local | linux canonical | linux_kernel ubuntu_linux | A use-after-free issue was found in the way the Linux kernel's KVM hypervisor processed posted interrupts when nested(=1) virtualization is enabled. In nested_get_vmcs12_pages(), in case of an error … | CWE-416 Use After Free | CVE-2018-16882 | 2024-11-21 12:53 | 2019-01-4 |
| 249415 | 5.9 | MEDIUM Network | wolfssl | wolfssl | It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensitive data. | CWE-310 Cryptographic Issues | CVE-2018-16870 | 2024-11-21 12:53 | 2019-01-4 |
| 249416 | 5.3 | MEDIUM Network | redhat debian suse canonical | ansible debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ansible_engine openstack package_hub ubuntu_linux | ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to an information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensitive data. | CWE-200 Information Exposure | CVE-2018-16876 | 2024-11-21 12:53 | 2019-01-4 |
| 249417 | 9.8 | CRITICAL Network | redhat | ansible_tower | Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery workers from RabbitMQ. This could lead in data… | CWE-311 Missing Encryption of Sensitive Data | CVE-2018-16879 | 2024-11-21 12:53 | 2019-01-3 |
| 249418 | 5.4 | MEDIUM Network | modx | evolution_cms | Evolution CMS 1.4.x allows XSS via the manager/ search parameter. | CWE-79 Cross-site Scripting | CVE-2018-16638 | 2024-11-21 12:53 | 2018-12-29 |
| 249419 | 5.4 | MEDIUM Network | modx | evolution_cms | Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. | CWE-79 Cross-site Scripting | CVE-2018-16637 | 2024-11-21 12:53 | 2018-12-29 |
| 249420 | 4.8 | MEDIUM Network | jupo | mezzanine | Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/. | CWE-79 Cross-site Scripting | CVE-2018-16632 | 2024-11-21 12:53 | 2018-12-29 |