CVE-2018-15553
fileshare.cmd on Telus Actiontec T2200H T2200H-31.128L.03 devices allows OS Command Injection via shell metacharacters in the smbdUserid or smbdPasswd field.
Source: CVE-2018-15553
[월:] 2018년 08월
CVE-2018-15559
CVE-2018-15560
CVE-2018-15560
PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.
Source: CVE-2018-15560
CVE-2018-15505
CVE-2018-15505
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ‘]’ character in an IPv6 address.
Source: CVE-2018-15505
CVE-2018-15504
CVE-2018-15504
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
Source: CVE-2018-15504
CVE-2018-15495
CVE-2018-15495
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
Source: CVE-2018-15495
CVE-2018-15503
CVE-2018-15503
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
Source: CVE-2018-15503
CVE-2018-15501
CVE-2018-15501
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a ‘{$content}’ byte to trigger an out-of-bounds read that leads to DoS.
Source: CVE-2018-15501
CVE-2018-15494
CVE-2018-15494
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
Source: CVE-2018-15494
CVE-2018-15492
CVE-2018-15492
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
Source: CVE-2018-15492