Export limit exceeded: 19317 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 24528 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24528 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12592 | 1 Polycom | 1 Realpresence Web Suite | 2024-11-21 | N/A |
| Polycom RealPresence Web Suite before 2.2.0 does not block a user's video for a few seconds upon joining a meeting (when the user has explicitly chosen to turn off the video using a specific option). During those seconds, a meeting invitee may unknowingly be on camera with other participants able to view. | ||||
| CVE-2018-12565 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2024-11-21 | 8.8 High |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. | ||||
| CVE-2018-12564 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2024-11-21 | N/A |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml. | ||||
| CVE-2018-12563 | 1 Linaro | 1 Lava | 2024-11-21 | N/A |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml. | ||||
| CVE-2018-12562 | 1 Cantata Project | 1 Cantata | 2024-11-21 | N/A |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string). | ||||
| CVE-2018-12561 | 1 Cantata Project | 1 Cantata | 2024-11-21 | N/A |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL. | ||||
| CVE-2018-12557 | 1 Zuul-ci | 1 Zuul | 2024-11-21 | N/A |
| An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could lead to accidentally leaking credentials or secrets. | ||||
| CVE-2018-12549 | 2 Eclipse, Redhat | 8 Openj9, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | N/A |
| In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. | ||||
| CVE-2018-12547 | 2 Eclipse, Redhat | 8 Openj9, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | N/A |
| In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code. | ||||
| CVE-2018-12543 | 1 Eclipse | 1 Mosquitto | 2024-11-21 | N/A |
| In Eclipse Mosquitto versions 1.5 to 1.5.2 inclusive, if a message is published to Mosquitto that has a topic starting with $, but that is not $SYS, e.g. $test/test, then an assert is triggered that should otherwise not be reachable and Mosquitto will exit. | ||||
| CVE-2018-12537 | 2 Eclipse, Redhat | 3 Vert.x, Jboss Fuse, Openshift Application Runtimes | 2024-11-21 | N/A |
| In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response. | ||||
| CVE-2018-12536 | 3 Eclipse, Oracle, Redhat | 3 Jetty, Retail Xstore Point Of Service, Jboss Fuse | 2024-11-21 | 5.3 Medium |
| In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. If this InvalidPathException is then handled by the default Error Handler, the InvalidPathException message is included in the error response, revealing the full server path to the requesting system. | ||||
| CVE-2018-12525 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /images/ provides a directory listing. | ||||
| CVE-2018-12524 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing. | ||||
| CVE-2018-12523 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /etc/ provides a directory listing. | ||||
| CVE-2018-12522 | 1 Perfsonar | 1 Monitoring And Debugging Dashboard | 2024-11-21 | N/A |
| An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /style/ provides a directory listing. | ||||
| CVE-2018-12492 | 1 Phpok | 1 Phpok | 2024-11-21 | N/A |
| PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | ||||
| CVE-2018-12481 | 1 The Olive Tree Ftp Server Project | 1 The Olive Tree Ftp Server | 2024-11-21 | N/A |
| The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. | ||||
| CVE-2018-12479 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df. | ||||
| CVE-2018-12478 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| A Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown. | ||||