4559 matches found
cc.catalysts.boot:cat-boot-report-pdf (=0.0.10), com.bit-scout:pdf-converter (=1.0.0) +227 more potentially affected by CVE-2018-11797 via org.apache.pdfbox:pdfbox (>=1.8.0 <=1.8.15)
org.apache.pdfbox:pdfbox MAVEN version =1.8.0, =0.6, =0.9, =3.0, =1.3.3-2.10, =0.0.2, =0.0.2, =1.0, =1.0, =1.0, =1.3 and more Source cves: CVE-2018-11797 Source advisory: OSV:GHSA-GX96-VGF7-HWFG...
com.graphaware.neo4j:server (>=3.4.0.52 <=3.4.12.52), com.graphaware.neo4j:tests (>=3.4.0.52 <=3.4.12.52) +17 more potentially affected by CVE-2018-18389 via org.neo4j:neo4j-enterprise (>=3.4.0 <=3.4.8)
org.neo4j:neo4j-enterprise MAVEN version =3.4.0, =3.4.0.52, =3.4.0.52, =3.0.0, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =3.4.0, =3.4.0, =0.1.9, =0.2.7 and more Source cves: CVE-2018-18389 Source advisory: OSV:GHSA-H5F5-RJ4R-42F6...
CVE-2018-3189
Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite subcomponent: Outcome-Result. Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
org.apache.struts:struts2-assembly (>=2.5.1 <=2.5.12), org.apache.struts:struts2-rest-showcase (>=2.5.1 <=2.5.12) potentially affected by CVE-2017-9793 +1 more via org.apache.struts:struts2-rest-plugin (>=2.5.1 <=2.5.12)
org.apache.struts:struts2-rest-plugin MAVEN version =2.5.1, =2.5.1, =2.5.1, =2.5.12 Source cves: CVE-2017-9793, CVE-2017-9805 Source advisory: OSV:GHSA-VWXJ-6M5M-RRVH...
bouncycastle: Carry propagation bug in math.raw.Nat??? class
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes (org.bouncycastle.math.raw.Nat???); it has been fixed. These classes are used by our custom elliptic curve implementations...
Wireshark Denial of Service Vulnerability (CNVD-2019-18506)
Wireshark (formerly known as Ethereal) is a network packet analyzer developed by the Wireshark team. The software intercepts network packets and displays detailed data for analysis. A denial of service vulnerability exists in the CoAP parser in Wireshark versions 2.6.0...
DEBIAN-CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity...
cloudxns-ddns-service (=1.0.0), coderedcms (>=0.10.0 <=0.14.1) +97 more potentially affected by CVE-2018-16984 via django (>=2.1.0 <=2.1.15)
django PYPI version =2.1.0, =0.10.0, =2.4.0, =0.3.1, =0.1.6, =0.2.0, =1.3.2, =0.1.0, =0.1.0a3 - django-basicauth =0.5.1 - django-brunch =1.0.3 and more Source cves: CVE-2018-16984 Source advisory: OSV:GHSA-6MX3-3VQG-HPP2...
PT-2018-14016 · Phonepe · Phonepe
Name of the Vulnerable Software and Affected Versions: PhonePe wallet aka com.PhonePe.app versions 3.0.6 through 3.3.26 Description: The issue might allow attackers to impersonate a user and set up their account without their knowledge. To exploit this, the user has to explicitly install a...
UBUNTU-CVE-2018-11761
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack...
88slot-ap (=1.0.0), @bipsync/apiclient (>=0.0.23 <=0.2.5) +163 more potentially affected by CVE-2018-16459 via exceljs (>=0.2.11 <=1.5.1)
exceljs NPM version =0.2.11, =0.0.23, =1.0.12, =2.0.2, =2.0.0, =1.1.0, =1.0.0, =1.0.3, =0.2.0, =1.0.0, =1.0.3, =1.0.0, =1.0.0, =1.2.0 and more Source cves: CVE-2018-16459 Source advisory: OSV:GHSA-2J2J-8RRV-264G...
Wireshark Radiotap Parser Denial of Service Vulnerability
Wireshark (formerly Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The software intercepts network packets and displays detailed data for analysis. Radiotap dissector is one of the Radiotap the de facto standard for 802.11 frame injectio...
DEBIAN-CVE-2018-1318
Adding method ACLs in remap.config can cause a segfault when the user makes a carefully crafted request. This affects Apache Traffic Server (ATS) versions 6.0.0 to 6.2.2 and 7.0.0 to 7.1.3. To resolve this issue, users running 6.x should upgrade to 6.2.3 or later versions and 7.x users should upgrad...
@felixrieseberg/electron-prebuilt-compile (>=3.0.0-beta.1 <=3.0.0-beta.13), @getstation/electron-prebuilt-compile (=3.0.0-beta.12) +1 more potentially affected by CVE-2018-15685 via electron (>=3.0.0-beta.1 <=3.0.0-beta.6)
electron NPM version =3.0.0-beta.1, =3.0.0-beta.1, =3.0.0-beta.1, =3.0.0-beta.5 Source cves: CVE-2018-15685 Source advisory: OSV:GHSA-HV9C-QWQG-QJ3V...
4cdl (>=1.0.1 <=1.0.7), 77cli (>=0.0.10 <=0.0.12) +365 more potentially affected by CVE-2018-15685 via electron (>=2.0.0 <=2.0.8-nightly.20180820)
electron NPM version =2.0.0, =1.0.1, =0.0.10, =3.0.5, =0.1.0, =1.0.0, =0.0.2, =0.0.1, =1.0.2, =0.0.1, =1.1.0, =0.0.1, =0.0.5 and more Source cves: CVE-2018-15685 Source advisory: OSV:GHSA-HV9C-QWQG-QJ3V...
abbr (=0.0.0), aequitas (>=0.26.0 <=0.42.0) +112 more potentially affected by CVE-2018-1000656 via flask (>=0.10.1 <=0.12.2)
flask PYPI version =0.10.1, =0.26.0, =1.4.15, =0.11.1, =0.4.0, =0.1.0, =0.1.1, =0.1.17, =0.1.0, =0.4.1, =0.1.0, =0.0.1, =1.0.8, =1.1.0 and more Source cves: CVE-2018-1000656 Source advisory: OSV:PYSEC-2018-66...
IBM Tivoli Application Dependency Discovery Manager Cross-Site Request Forgery Vulnerability
IBM Tivoli Application Dependency Discovery Manager (TADDM) is a product in a suite of IT service management solutions from IBM USA that provides robust automated application mapping and discovery to help administrators understand the structure, state, configuration and change history of business...
IBM API Connect Server-Side Request Forgery Vulnerability
IBM API Connect (aka APIConnect) is a set of integrated solutions for managing the API lifecycle from IBM in the United States. The solution supports creating, running, managing and protecting APIs and microservices, etc. Developer Portal is one of the developer portals. A server-side request forge...
@sematext/logagent (>=2.0.101 <=2.0.126), cashew-mqtt (>=0.0.6 <=0.1.20) +6 more potentially affected by CVE-2018-3778 via aedes (>=0.11.1 <=0.34.1)
aedes NPM version =0.11.1, =2.0.101, =0.0.6, =0.1.0, =0.0.1, =0.5.1, =1.0.2, =0.0.1, =0.5.1, =0.5.16 Source cves: CVE-2018-3778 Source advisory: OSV:GHSA-4CMX-HRQ9-C23P...
libsbmlsim (>=0.0.1 <=0.0.2), wa-bisnis-bot (=1.0.0) potentially affected by CVE-2016-10642 via cmake (>=0.0.1 <=0.0.4)
cmake NPM version =0.0.1, =0.0.1, =0.0.2 - wa-bisnis-bot =1.0.0 Source cves: CVE-2016-10642 Source advisory: OSV:GHSA-4J59-HFW6-6W7H...