
5981 matches found

Prion
added 2018/04/16 9:58 a.m. | 17 views

Cross site scripting

A cross-site scripting vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in confirmationList.jelly and stopButton.jelly that allows attackers with Job/Configure and/or Job/Create permission to create an item name containing JavaScript that would be executed in another user's...

CVSS 3.5 | AI score 5 | EPSS 0.00884
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2018/04/16 12:0 a.m. | 5 views

Monstra CMS Cross-Site Scripting Vulnerability (CNVD-2018-08254)

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A cross-site scripting vulnerability exists in Monstra CMS version 3.0.4. A remote attacker can exploit the...

CVSS 4.8 | AI score 6.2 | EPSS 0.02898
Exploits: 2 | References: 1

Cvelist
added 2018/04/15 12:0 p.m. | 19 views

CVE-2018-10118

Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php...

AI score 5.7 | EPSS 0.02898
Exploits: 2 | References: 2

CVE
added 2018/04/15 12:0 p.m. | 70 views

CVE-2018-10118

Monstra CMS 3.0.4 is affected by a Stored XSS in the Name field on the Create New Page screen (admin/index.php?id=pages), related to plugins/box/pages/pages.admin.php. This CVE details the vulnerable component path and the input point that leads to script execution. The connected data confirms th...

CVSS 4.8 | AI score 5.1 | EPSS 0.02898
Exploits: 2 | References: 2 | Affected Software: 1

ATTACKERKB
added 2018/04/12 3:29 p.m. | 0 views

CVE-2018-9155

Cross-site scripting XSS vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin-Logs section with a logs?logs.type= URI and the Manage-Attributes section via the "Name display"...

CVSS 5.4 | AI score 5.7 | EPSS 0.01179
Exploits: 5 | References: 3

Prion
added 2018/04/11 8:29 p.m. | 25 views

Remote code execution

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

CVSS 6.5 | AI score 9 | EPSS 0.34986
Exploits: 2 | References: 9 | Affected Software: 2

OSV
added 2018/04/11 8:29 p.m. | 2 views

CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

CVSS 8.8 | AI score 6.5
Exploits: 0 | References: 10

NVD
added 2018/04/11 8:29 p.m. | 24 views

CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

CVSS 8.8 | AI score 9.1 | EPSS 0.34986
Exploits: 2 | References: 10

Vulnrichment
added 2018/04/11 12:0 a.m. | 16 views

CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

AI score 8.1 | EPSS 0.34986
Exploits: 2 | References: 10

CVE
added 2018/04/11 12:0 a.m. | 122 views

CVE-2018-10054

CVE-2018-10054 describes an RCE in H2 Database via the CREATE ALIAS mechanism. The issue affects H2 1.4.197 as used in Datomic before 0.9.5697 and other products, enabling remote code execution by an attacker with a crafted alias. Public references note exploit activity and Java code execution vi...

CVSS 8.8 | AI score 9 | EPSS 0.34986
Exploits: 2 | References: 10 | Affected Software: 2

RedHat Linux
added 2018/04/10 9:1 a.m. | 3 views

kernel: Use-after-free in snd_seq_ioctl_create_port()

A use-after-free vulnerability was found when issuing an ioctl to a sound device. This could allow a user to exploit a race condition and create memory corruption or possibly privilege escalation...

CVSS 7 | AI score 7.1 | EPSS 0.00377
Exploits: 0 | References: 4

Positive Technologies
added 2018/04/03 12:0 a.m. | 2 views

PT-2018-10222 · Coreos +3 · Etcd +3

Name of the Vulnerable Software and Affected Versions: etcd versions 3.3.1 and earlier
Description: A cross-site request forgery flaw was found, allowing an attacker to set up a website that tries to send a POST request to the etcd server and modify a key. Since adding a key is done with PUT, it ...

CVSS 8.8 | AI score 6.4 | EPSS 0.04031
Exploits: 2 | References: 26

Positive Technologies
added 2018/03/23 12:0 a.m. | 3 views

PT-2018-3757 · Satori +1 · Go.Uuid +2

Name of the Vulnerable Software and Affected Versions: SIF versions prior to v1.2.3
Description: The issue is related to the github.com/satori/go.uuid module used as a dependency in SIF, which produces predictable UUID identifiers due to insecure randomness. This could allow a remote attacker to...

CVSS 7.5 | AI score 6.9 | EPSS 0.00958
Exploits: 1 | References: 17

RedhatCVE
added 2018/03/21 4:20 a.m. | 33 views

CVE-2018-8740

A NULL pointer dereference vulnerability was found in SQLite. Loading a database whose schema was corrupted using a CREATE TABLE AS statement would result in a SQLite crash...

CVSS 7.5 | AI score 0.9 | EPSS 0.08186
Exploits: 0 | References: 1

ATTACKERKB
added 2018/03/17 12:29 a.m. | 2 views

CVE-2018-8740

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...

CVSS 7.5 | AI score 5.5 | EPSS 0.08186
Exploits: 0 | References: 21

Prion
added 2018/03/17 12:29 a.m. | 22 views

Null pointer dereference

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...

CVSS 5 | AI score 7.2 | EPSS 0.08186
Exploits: 0 | References: 14 | Affected Software: 2

OSV
added 2018/03/17 12:29 a.m. | 1 views

DEBIAN-CVE-2018-8740

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...

CVSS 7.5 | AI score 8.5 | EPSS 0.08186
Exploits: 0 | References: 1

OSV
added 2018/03/17 12:29 a.m. | 3 views

ALPINE-CVE-2018-8740

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...

CVSS 7.5 | AI score 6.9 | EPSS 0.08186
Exploits: 0 | References: 1

OSV
added 2018/03/17 12:29 a.m. | 0 views

UBUNTU-CVE-2018-8740

In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c...

CVSS 7.5 | AI score 6.7 | EPSS 0.08186
Exploits: 0 | References: 5

CVE
added 2018/03/17 12:0 a.m. | 392 views

CVE-2018-8740

SQLite through 3.22.0 is vulnerable to a NULL pointer dereference when a database schema is corrupted via CREATE TABLE AS. The underlying issue is in build.c/prepare.c. The impact is a potential crash (denial of service). Affected disclosures across Debian, Cloud Foundry, and distro advisories co...

CVSS 7.5 | AI score 7.3 | EPSS 0.08186
Exploits: 0 | References: 14 | Affected Software: 1