Export limit exceeded: 24530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24530 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13796 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. | ||||
| CVE-2018-13795 | 1 Creolabs | 1 Gravity | 2024-11-21 | N/A |
| Gravity before 0.5.1 does not support a maximum recursion depth. | ||||
| CVE-2018-13391 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | N/A |
| The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3 and from version 7.11.0 before version 7.11.2 allows remote attackers who can access & view an issue to obtain the email address of the reporter and assignee user of an issue despite the configured email visibility setting being set to hidden. | ||||
| CVE-2018-13389 | 1 Atlassian | 1 Confluence | 2024-11-21 | N/A |
| The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml. | ||||
| CVE-2018-13378 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | N/A |
| An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code. | ||||
| CVE-2018-13371 | 1 Fortinet | 1 Fortios | 2024-11-21 | 8.8 High |
| An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component. | ||||
| CVE-2018-13367 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
| An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. | ||||
| CVE-2018-13366 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
| An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows attacker to reveals serial number of FortiGate via hostname field defined in connection control setup packets of PPTP protocol. | ||||
| CVE-2018-13365 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A |
| An Information Exposure vulnerability in Fortinet FortiOS 6.0.1, 5.6.5 and below, allow attackers to learn private IP as well as the hostname of FortiGate via Application Control Block page. | ||||
| CVE-2018-13361 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| User enumeration in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to list all system users via the "modgroup" parameter. | ||||
| CVE-2018-13352 | 1 Terra-master | 1 Terramaster Operating System | 2024-11-21 | N/A |
| Session Exposure in the web application for TerraMaster TOS version 3.1.03 allows attackers to view active session tokens in a world-readable directory. | ||||
| CVE-2018-13348 | 1 Mercurial | 1 Mercurial | 2024-11-21 | N/A |
| The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001. | ||||
| CVE-2018-13347 | 2 Mercurial, Redhat | 2 Mercurial, Enterprise Linux | 2024-11-21 | N/A |
| mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | ||||
| CVE-2018-13346 | 2 Mercurial, Redhat | 2 Mercurial, Enterprise Linux | 2024-11-21 | N/A |
| The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004. | ||||
| CVE-2018-13319 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | N/A |
| Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. | ||||
| CVE-2018-13315 | 1 Totolink | 2 A3002ru, A3002ru Firmware | 2024-11-21 | N/A |
| Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request. | ||||
| CVE-2018-13297 | 1 Synology | 1 Drive Server | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. | ||||
| CVE-2018-13295 | 1 Synology | 1 Application Service | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. | ||||
| CVE-2018-13294 | 1 Synology | 1 Application Service | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. | ||||
| CVE-2018-13292 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||