|
247791
|
9.8 |
CRITICAL
Network
|
broadcom
|
release_automation
|
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2018-15691
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247792
|
7.8 |
HIGH
Local
|
manjaro
|
manjaro_linux
|
An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially conta…
|
CWE-269
Improper Privilege Management
|
CVE-2018-15912
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247793
|
6.5 |
MEDIUM
Adjacent
|
technicolor
|
tc8305c_firmware
|
Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might over…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-15907
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247794
|
5.5 |
MEDIUM
Local
|
qemu
|
qemu
|
qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.
|
NVD-CWE-noinfo
|
CVE-2018-15746
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247795
|
6.1 |
MEDIUM
Network
|
isweb
|
isweb
|
CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15562
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247796
|
9.8 |
CRITICAL
Network
|
grafana
redhat
|
grafana
ceph_storage
|
Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.
|
CWE-287
Improper Authentication
|
CVE-2018-15727
|
2024-11-21 12:51 |
2018-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247797
|
9.8 |
CRITICAL
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2018-15882
|
2024-11-21 12:51 |
2018-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247798
|
7.5 |
HIGH
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.
|
NVD-CWE-noinfo
|
CVE-2018-15881
|
2024-11-21 12:51 |
2018-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247799
|
5.4 |
MEDIUM
Network
|
joomla
|
joomla\!
|
An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.
|
CWE-79
Cross-site Scripting
|
CVE-2018-15880
|
2024-11-21 12:51 |
2018-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
247800
|
6.5 |
MEDIUM
Network
|
website_seller_script_project
|
website_seller_script
|
PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-15897
|
2024-11-21 12:51 |
2018-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
