Export limit exceeded: 347799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347799 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16772 | 1 Hoosk | 1 Hoosk | 2024-11-21 | N/A |
| Hoosk v1.7.0 allows XSS via the Navigation Title of a new page entered at admin/pages/new. | ||||
| CVE-2018-16771 | 1 Hoosk | 1 Hoosk | 2024-11-21 | N/A |
| Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php. | ||||
| CVE-2018-16770 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails. | ||||
| CVE-2018-16769 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled. | ||||
| CVE-2018-16768 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end. | ||||
| CVE-2018-16767 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand. | ||||
| CVE-2018-16766 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached. | ||||
| CVE-2018-16765 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_. | ||||
| CVE-2018-16764 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read. | ||||
| CVE-2018-16763 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 9.8 Critical |
| FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. | ||||
| CVE-2018-16762 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A |
| FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. | ||||
| CVE-2018-16761 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| Eventum before 3.4.0 has an open redirect vulnerability. | ||||
| CVE-2018-16759 | 1 Easycms | 1 Easycms | 2024-11-21 | N/A |
| The removeXSS function in App/Common/common.php (called from App/Modules/Index/Action/SearchAction.class.php) in EasyCMS v1.4 allows XSS via an onhashchange event. | ||||
| CVE-2018-16758 | 3 Debian, Starwindsoftware, Tinc-vpn | 3 Debian Linux, Starwind Virtual San, Tinc | 2024-11-21 | 5.9 Medium |
| Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows a man-in-the-middle attack to disable the encryption of VPN packets. | ||||
| CVE-2018-16752 | 1 Linknet-usa | 2 Lw-n605r, Lw-n605r Firmware | 2024-11-21 | N/A |
| LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases. | ||||
| CVE-2018-16750 | 3 Canonical, Imagemagick, Redhat | 3 Ubuntu Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| In ImageMagick 7.0.7-29 and earlier, a memory leak in the formatIPTCfromBuffer function in coders/meta.c was found. | ||||
| CVE-2018-16749 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.5 Medium |
| In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. | ||||
| CVE-2018-16745 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | N/A |
| An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it. | ||||
| CVE-2018-16744 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | N/A |
| An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used. | ||||
| CVE-2018-16743 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | N/A |
| An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. | ||||