Search Results (24696 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19636 | 1 Opensuse | 1 Supportutils | 2024-11-21 | N/A |
| Supportutils, before version 3.1-5.7.1, when run with the command-line argument -A, searched the file system for an ndspath binary. If an attacker provides one at an arbitrary location, it is executed with root privileges. | ||||
| CVE-2018-19629 | 1 Hyland | 1 Perceptive Content Server | 2024-11-21 | N/A |
| A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection. | ||||
| CVE-2018-19609 | 1 Showdoc | 1 Showdoc | 2024-11-21 | N/A |
| ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL. | ||||
| CVE-2018-19587 | 1 Cesanta | 1 Mongoose | 2024-11-21 | N/A |
| In Cesanta Mongoose 6.13, a SIGSEGV exists in the mongoose.c mg_mqtt_add_session() function. | ||||
| CVE-2018-19580 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. | ||||
| CVE-2018-19556 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | N/A |
| zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability. | ||||
| CVE-2018-19531 | 1 Httl Project | 1 Httl | 2024-11-21 | N/A |
| HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting. | ||||
| CVE-2018-19530 | 1 Httl Project | 1 Httl | 2024-11-21 | N/A |
| HTTL (aka Hyper-Text Template Language) through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting. | ||||
| CVE-2018-19524 | 1 Skyworthdigital | 6 Dt721-cb, Dt721-cb Firmware, Dt740 and 3 more | 2024-11-21 | N/A |
| An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7. | ||||
| CVE-2018-19522 | 1 Driveragent | 1 Driveragent | 2024-11-21 | 5.5 Medium |
| DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x800020F4) with a buffer containing user defined content. The driver's subroutine will execute a wrmsr instruction with the user's buffer for partial input. | ||||
| CVE-2018-19516 | 1 Kde | 1 Kde Applications | 2024-11-21 | 5.3 Medium |
| messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | ||||
| CVE-2018-19487 | 1 Wp-jobhunt Project | 1 Wp-jobhunt | 2024-11-21 | N/A |
| The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users. | ||||
| CVE-2018-19478 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-11-21 | N/A |
| In Artifex Ghostscript before 9.26, a carefully crafted PDF file can trigger an extremely long running computation when parsing the file. | ||||
| CVE-2018-19456 | 2 Opensuse, Wplaunchpad | 2 Leap, Wpbackupplus | 2024-11-21 | N/A |
| The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql. | ||||
| CVE-2018-19413 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | N/A |
| A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system. | ||||
| CVE-2018-19358 | 1 Gnome | 1 Gnome-keyring | 2024-11-21 | N/A |
| GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket. | ||||
| CVE-2018-19300 | 2 D-link, Dlink | 17 Dap-1530 Firmware, Dap-1610 Firmware, Dwr-116 Firmware and 14 more | 2024-11-21 | N/A |
| On D-Link DAP-1530 (A1) before firmware version 1.06b01, DAP-1610 (A1) before firmware version 1.06b01, DWR-111 (A1) before firmware version 1.02v02, DWR-116 (A1) before firmware version 1.06b03, DWR-512 (B1) before firmware version 2.02b01, DWR-711 (A1) through firmware version 1.11, DWR-712 (B1) before firmware version 2.04b01, DWR-921 (A1) before firmware version 1.02b01, and DWR-921 (B1) before firmware version 2.03b01, there exists an EXCU_SHELL file in the web directory. By sending a GET request with specially crafted headers to the /EXCU_SHELL URI, an attacker could execute arbitrary shell commands in the root context on the affected device. Other devices might be affected as well. | ||||
| CVE-2018-19295 | 1 Sylabs | 1 Singularity | 2024-11-21 | N/A |
| Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. | ||||
| CVE-2018-19246 | 1 Php-proxy | 1 Php-proxy | 2024-11-21 | N/A |
| PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion. | ||||
| CVE-2018-19226 | 1 Laobancms | 1 Laobancms | 2024-11-21 | N/A |
| An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI. | ||||