|
247281
|
5.9 |
MEDIUM
Network
|
axtls_project
|
axtls
|
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatu…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-16150
|
2024-11-21 12:52 |
2018-11-8 |
|
|
|
|
247282
|
5.9 |
MEDIUM
Network
|
axtls_project
|
axtls
|
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponen…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-16149
|
2024-11-21 12:52 |
2018-11-8 |
|
|
|
|
247283
|
7.5 |
HIGH
Network
|
knight_project
|
knight
|
A path traversal in Knightjs versions <= 0.0.1 allows an attacker to read the content of arbitrary files on a remote server.
|
CWE-22
Path Traversal
|
CVE-2018-16475
|
2024-11-21 12:52 |
2018-11-7 |
|
|
|
|
247284
|
6.1 |
MEDIUM
Network
|
tianma-static_project
|
tianma-static
|
A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary JavaScript.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16474
|
2024-11-21 12:52 |
2018-11-7 |
|
|
|
|
247285
|
5.3 |
MEDIUM
Network
|
takeapeek_project
|
takeapeek
|
A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directories and files.
|
CWE-22
Path Traversal
|
CVE-2018-16473
|
2024-11-21 12:52 |
2018-11-7 |
|
|
|
|
247286
|
7.5 |
HIGH
Network
|
cached-path-relative_project debian
|
cached-path-relative debian_linux
|
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype …
|
CWE-20
Improper Input Validation
|
CVE-2018-16472
|
2024-11-21 12:52 |
2018-11-7 |
|
|
|
|
247287
|
7.5 |
HIGH
Network
|
merge_project
|
merge
|
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a den…
|
CWE-20
Improper Input Validation
|
CVE-2018-16469
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
247288
|
5.4 |
MEDIUM
Network
|
loofah_project debian
|
loofah debian_linux
|
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16468
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
247289
|
5.3 |
MEDIUM
Network
|
nextcloud
|
nextcloud_server
|
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.
|
CWE-287
Improper Authentication
|
CVE-2018-16467
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|
|
247290
|
8.1 |
HIGH
Network
|
nextcloud
|
nextcloud_server
|
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 leads to not accepting access restrictions by access tokens.
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2018-16466
|
2024-11-21 12:52 |
2018-10-31 |
|
|
|