Export limit exceeded: 347446 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347446 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14947 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | N/A |
| An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | ||||
| CVE-2018-14946 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | N/A |
| An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). | ||||
| CVE-2018-14945 | 1 Jpeg Encoder Project | 1 Jpeg Encoder | 2024-11-21 | N/A |
| An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp. | ||||
| CVE-2018-14944 | 1 Jpeg Encoder Project | 1 Jpeg Encoder | 2024-11-21 | N/A |
| An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write. | ||||
| CVE-2018-14943 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2024-11-21 | N/A |
| Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. | ||||
| CVE-2018-14942 | 1 Harmonicinc | 2 Nsg 9000, Nsg 9000 Firmware | 2024-11-21 | N/A |
| Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. | ||||
| CVE-2018-14941 | 1 Harmonicinc | 1 Nsg 9000 | 2024-11-21 | N/A |
| Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. | ||||
| CVE-2018-14940 | 1 Phpcms | 1 Phpcms | 2024-11-21 | N/A |
| PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request. | ||||
| CVE-2018-14939 | 1 Libreoffice | 1 Libreoffice | 2024-11-21 | N/A |
| The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. | ||||
| CVE-2018-14938 | 2 Canonical, Digitalcorpora | 2 Ubuntu Linux, Tcpflow | 2024-11-21 | N/A |
| An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service). | ||||
| CVE-2018-14937 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | N/A |
| The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. | ||||
| CVE-2018-14936 | 1 Mylittleforum | 1 My Little Forum | 2024-11-21 | N/A |
| The Add page option in my little forum 2.4.12 allows XSS via the Title field. | ||||
| CVE-2018-14935 | 1 Polycom | 2 Trio 8500, Trio 8500 Firmware | 2024-11-21 | N/A |
| The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | ||||
| CVE-2018-14934 | 1 Polycom | 2 Trio 8500, Trio 8500 Firmware | 2024-11-21 | N/A |
| The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone. | ||||
| CVE-2018-14931 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | N/A |
| An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI. | ||||
| CVE-2018-14930 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | N/A |
| An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI. | ||||
| CVE-2018-14929 | 1 Matera | 1 Banco | 2024-11-21 | N/A |
| Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter. | ||||
| CVE-2018-14928 | 1 Matera | 1 Banco | 2024-11-21 | N/A |
| /contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter. | ||||
| CVE-2018-14927 | 1 Matera | 1 Banco | 2024-11-21 | N/A |
| Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp. | ||||
| CVE-2018-14926 | 1 Matera | 1 Banco | 2024-11-21 | N/A |
| Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request. | ||||