CVE-2018-12694
TP-Link TL-WA850RE Wi-Fi Range Extender with hardware version 5 allows remote attackers to cause a denial of service (reboot) via data/reboot.json.
Source: CVE-2018-12694
CVE-2018-7682
Micro Focus Solutions Business Manager versions prior to 11.4 allow a user to invoke SBM RESTful services across domains.
Source: CVE-2018-7682
CVE-2018-12689
phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.
Source: CVE-2018-12689
CVE-2018-12688
tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.
Source: CVE-2018-12688
CVE-2018-12684
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
Source: CVE-2018-12684
CVE-2018-12687
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.
Source: CVE-2018-12687
CVE-2018-12538
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem’s storage for the FileSessionDataStore.
Source: CVE-2018-12538
CVE-2018-12678
Portainer before 1.18.0 supports unauthenticated requests to the websocket endpoint with an unvalidated id query parameter for the /websocket/exec endpoint, which allows remote attackers to bypass intended access restrictions or conduct SSRF attacks.
Source: CVE-2018-12678
CVE-2018-1000201
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. This vulnerability appears to have been fixed in v1.9.24 and later.
Source: CVE-2018-1000201
CVE-2018-12636
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
Source: CVE-2018-12636