Export limit exceeded: 335571 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (41655 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11652 | 1 Cirt.net | 1 Nikto | 2024-11-21 | N/A |
| CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report. | ||||
| CVE-2018-11625 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | N/A |
| In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file. | ||||
| CVE-2018-11621 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896. | ||||
| CVE-2018-11620 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5756. | ||||
| CVE-2018-11615 | 1 Mosca Project | 1 Mosca | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306. | ||||
| CVE-2018-11598 | 1 Espruino | 1 Espruino | 2024-11-21 | N/A |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c. | ||||
| CVE-2018-11596 | 1 Espruino | 1 Espruino | 2024-11-21 | N/A |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c. | ||||
| CVE-2018-11595 | 1 Espruino | 1 Espruino | 2024-11-21 | N/A |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax parsing, because strncat is misused. | ||||
| CVE-2018-11594 | 1 Espruino | 1 Espruino | 2024-11-21 | N/A |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c. | ||||
| CVE-2018-11592 | 1 Espruino | 1 Espruino | 2024-11-21 | N/A |
| Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrap_graphics.c. | ||||
| CVE-2018-11590 | 1 Espruino | 1 Espruino | 2024-11-21 | N/A |
| Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c. | ||||
| CVE-2018-11578 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | N/A |
| GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault. | ||||
| CVE-2018-11577 | 4 Canonical, Liblouis, Opensuse and 1 more | 4 Ubuntu Linux, Liblouis, Leap and 1 more | 2024-11-21 | N/A |
| Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c. | ||||
| CVE-2018-11576 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | N/A |
| ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor. | ||||
| CVE-2018-11561 | 1 Erc20token Project | 1 Erc20token | 2024-11-21 | 7.5 High |
| An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker's digital assets. | ||||
| CVE-2018-11547 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination. | ||||
| CVE-2018-11546 | 1 Md4c Project | 1 Md4c | 2024-11-21 | N/A |
| md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error. | ||||
| CVE-2018-11531 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-11-21 | N/A |
| Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp. | ||||
| CVE-2018-11526 | 1 Webtoffee | 1 Wordpress Comments Import And Export | 2024-11-21 | N/A |
| The plugin "WordPress Comments Import & Export" for WordPress (v2.0.4 and before) is vulnerable to CSV Injection. | ||||
| CVE-2018-11525 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | N/A |
| The plugin "Advanced Order Export For WooCommerce" for WordPress (v1.5.4 and before) is vulnerable to CSV Injection. | ||||