• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-20

CVE-2018-12563

February 26, 2023 by

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it’s readable by lavaserver and valid yaml.

CVE-2018-12564

February 26, 2023 by

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.

CVE-2018-12565

February 26, 2023 by

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.

CVE-2018-12492

February 26, 2023 by

PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.

CVE-2018-12537

February 26, 2023 by

In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.

CVE-2018-12448

February 26, 2023 by

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser’s address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 246
  • Go to page 247
  • Go to page 248
  • Go to page 249
  • Go to page 250
  • Interim pages omitted …
  • Go to page 681
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE