|
247641
|
9.1 |
CRITICAL
Network
|
accusoft
|
prizmdoc
|
Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumptio…
|
CWE-611
XXE
|
CVE-2018-15805
|
2024-11-21 12:51 |
2018-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247642
|
6.8 |
MEDIUM
Network
|
cloud_foundry
|
bits_service
|
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing th…
|
CWE-200
Information Exposure
|
CVE-2018-15800
|
2024-11-21 12:51 |
2018-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247643
|
8.8 |
HIGH
Network
|
pivotal_software
|
cloud_foundry_nfs_volume
|
Cloud Foundry NFS volume release, 1.2.x prior to 1.2.5, 1.5.x prior to 1.5.4, 1.7.x prior to 1.7.3, logs the cf admin username and password when running the nfsbrokerpush BOSH deploy errand. A remote…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2018-15797
|
2024-11-21 12:51 |
2018-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247644
|
4.3 |
MEDIUM
Physics
|
dell
|
data_protection_\|_encryption
|
Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentiall…
|
CWE-200
Information Exposure
|
CVE-2018-15773
|
2024-11-21 12:51 |
2018-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247645
|
8.8 |
HIGH
Network
|
nuuo
|
nvrmini2_firmware
|
NUUO NVRMini2 version 3.9.1 is vulnerable to authenticated remote command injection. An attacker can send crafted requests to upgrade_handle.php to execute OS commands as root.
|
CWE-78
OS Command
|
CVE-2018-15716
|
2024-11-21 12:51 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247646
|
9.8 |
CRITICAL
Network
|
zoom
|
zoom
|
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unau…
|
CWE-20
Improper Input Validation
|
CVE-2018-15715
|
2024-11-21 12:51 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247647
|
7.5 |
HIGH
Network
|
google
|
android
|
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-15835
|
2024-11-21 12:51 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247648
|
6.5 |
MEDIUM
Network
|
dell
|
openmanage_network_manager
|
Dell OpenManage Network Manager versions prior to 6.5.0 enabled read/write access to the file system for MySQL users due to insecure default configuration setting for the embedded MySQL database.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2018-15768
|
2024-11-21 12:51 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247649
|
8.8 |
HIGH
Network
|
dell
|
openmanage_network_manager
|
The Dell OpenManage Network Manager virtual appliance versions prior to 6.5.3 contain an improper authorization vulnerability caused by a misconfiguration in the /etc/sudoers file.
|
CWE-863
Incorrect Authorization
|
CVE-2018-15767
|
2024-11-21 12:51 |
2018-12-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247650
|
8.8 |
HIGH
Network
|
ocsinventory-ng
|
ocsinventory_ng
|
Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-15537
|
2024-11-21 12:51 |
2018-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
