Search Results (349628 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20021 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-11-21 | N/A |
| LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. The vulnerability allows an attacker to consume an excessive amount of resources such as CPU and RAM. | ||||
| CVE-2018-20020 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-11-21 | N/A |
| LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains a heap out-of-bound write vulnerability inside a structure in VNC client code that can result in remote code execution. | ||||
| CVE-2018-20019 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 9.8 Critical |
| LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result in remote code execution. | ||||
| CVE-2018-20018 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. | ||||
| CVE-2018-20017 | 1 Sem-cms | 1 Semcms | 2024-11-21 | N/A |
| SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. | ||||
| CVE-2018-20015 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| YzmCMS v5.2 has admin/role/add.html CSRF. | ||||
| CVE-2018-20014 | 1 Urbackup | 1 Urbackup | 2024-11-21 | N/A |
| In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::GetFileHashAndMetadata NULL pointer dereference, leading to shutting down the client application. | ||||
| CVE-2018-20013 | 1 Urbackup | 1 Urbackup | 2024-11-21 | N/A |
| In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application. | ||||
| CVE-2018-20012 | 1 Phpcmf | 1 Phpcmf | 2024-11-21 | N/A |
| PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. | ||||
| CVE-2018-20011 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. | ||||
| CVE-2018-20010 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field. | ||||
| CVE-2018-20009 | 1 Domainmod | 1 Domainmod | 2024-11-21 | N/A |
| DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field. | ||||
| CVE-2018-20008 | 1 Iball | 2 Ib-wrb302n, Ib-wrb302n Firmware | 2024-11-21 | 6.8 Medium |
| iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console. | ||||
| CVE-2018-20007 | 1 Yeelight | 2 Smart Ai Speaker, Smart Ai Speaker Firmware | 2024-11-21 | N/A |
| Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user information. | ||||
| CVE-2018-20006 | 1 Phpok | 1 Phpok | 2024-11-21 | N/A |
| An issue was discovered in PHPok v5.0.055. There is a Stored XSS vulnerability via the title parameter to api.php?c=post&f=save (reachable via the index.php?id=book URI). | ||||
| CVE-2018-20005 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2024-11-21 | N/A |
| An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. | ||||
| CVE-2018-20004 | 3 Debian, Fedoraproject, Mini-xml Project | 3 Debian Linux, Fedora, Mini-xml | 2024-11-21 | 8.8 High |
| An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml. | ||||
| CVE-2018-20002 | 3 F5, Gnu, Netapp | 4 Traffix Signaling Delivery Controller, Binutils, Cluster Data Ontap and 1 more | 2024-11-21 | N/A |
| The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. | ||||
| CVE-2018-20001 | 1 Libav | 1 Libav | 2024-11-21 | N/A |
| In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input. | ||||
| CVE-2018-20000 | 1 Apereo | 1 Bw-webdav | 2024-11-21 | N/A |
| Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java. | ||||