Export limit exceeded: 24509 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24509 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10229 | 3 Google, Lg, Mozilla | 3 Chrome, Nexus 5, Firefox | 2024-11-21 | N/A |
| A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. | ||||
| CVE-2018-10219 | 1 Baijiacms Project | 1 Baijiacms | 2024-11-21 | N/A |
| baijiacms V3 has physical path leakage via an index.php?mod=mobile&name=member&do=index request. | ||||
| CVE-2018-10198 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A |
| An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets. | ||||
| CVE-2018-10189 | 1 Mautic | 1 Mautic | 2024-11-21 | N/A |
| An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is possible to systematically emulate tracking cookies per contact due to tracking the contact by their auto-incremented ID. Thus, a third party can manipulate the cookie value with +1 to systematically assume being tracked as each contact in Mautic. It is then possible to retrieve information about the contact through forms that have progressive profiling enabled. | ||||
| CVE-2018-10178 | 1 Iac | 1 Fromdoctopdf | 2024-11-21 | 5.3 Medium |
| The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visited web sites via vectors involving a mostVisitedSites command. | ||||
| CVE-2018-10142 | 1 Paloaltonetworks | 1 Expedition | 2024-11-21 | N/A |
| The Expedition Migration tool 1.0.106 and earlier may allow an unauthenticated attacker to enumerate files on the operating system. | ||||
| CVE-2018-10140 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
| The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | ||||
| CVE-2018-10106 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | N/A |
| D-Link DIR-815 REV. B (with firmware through DIR-815_REVB_FIRMWARE_PATCH_2.07.B01) devices have permission bypass and information disclosure in /htdocs/web/getcfg.php, as demonstrated by a /getcfg.php?a=%0a_POST_SERVICES%3DDEVICE.ACCOUNT%0aAUTHORIZED_GROUP%3D1 request. | ||||
| CVE-2018-10105 | 2 Redhat, Tcpdump | 3 Enterprise Linux, Rhel Eus, Tcpdump | 2024-11-21 | 9.8 Critical |
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2). | ||||
| CVE-2018-10103 | 2 Redhat, Tcpdump | 3 Enterprise Linux, Rhel Eus, Tcpdump | 2024-11-21 | 9.8 Critical |
| tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2). | ||||
| CVE-2018-10087 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | N/A |
| The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value. | ||||
| CVE-2018-10082 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or /lib/tasks/class.CmsSecurityCheck.task.php. | ||||
| CVE-2018-10072 | 1 Jungo | 1 Windriver | 2024-11-21 | N/A |
| windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953827bf DeviceIoControl call. | ||||
| CVE-2018-10071 | 1 Jungo | 1 Windriver | 2024-11-21 | N/A |
| windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953826DB DeviceIoControl call. | ||||
| CVE-2018-10054 | 2 Cognitect, H2database | 2 Datomic, H2 | 2024-11-21 | 8.8 High |
| H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment." | ||||
| CVE-2018-10028 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | N/A |
| joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI. | ||||
| CVE-2018-1002204 | 1 Adm-zip Project | 1 Adm-zip | 2024-11-21 | 5.5 Medium |
| adm-zip npm library before 0.4.9 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||
| CVE-2018-1002202 | 1 Zip4j Project | 1 Zip4j | 2024-11-21 | N/A |
| zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||
| CVE-2018-1002201 | 1 Jrebel | 1 Zt-zip | 2024-11-21 | 5.5 Medium |
| zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'. | ||||
| CVE-2018-1002104 | 1 Kubernetes | 1 Nginx Ingress Controller | 2024-11-21 | 5.3 Medium |
| Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. | ||||