Export limit exceeded: 350813 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350813 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-8107 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
| CVE-2018-8106 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
| CVE-2018-8105 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
| CVE-2018-8104 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
| CVE-2018-8103 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
| CVE-2018-8102 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
| CVE-2018-8101 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
| CVE-2018-8100 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml. | ||||
| CVE-2018-8099 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2024-11-21 | 6.5 Medium |
| Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. | ||||
| CVE-2018-8098 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2024-11-21 | 6.5 Medium |
| Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. | ||||
| CVE-2018-8097 | 1 Python-eve | 1 Eve | 2024-11-21 | N/A |
| io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter. | ||||
| CVE-2018-8096 | 1 Datalust | 1 Seq | 2024-11-21 | N/A |
| Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via '"Name":"isauthenticationenabled","Value":false' in an api/settings/setting-isauthenticationenabled PUT request. | ||||
| CVE-2018-8092 | 1 Mautic | 1 Mautic | 2024-11-21 | N/A |
| Mautic before 2.13.0 allows CSV injection. | ||||
| CVE-2018-8090 | 1 Quickheal | 3 Antivirus Pro, Internet Security, Total Security | 2024-11-21 | 7.8 High |
| Quick Heal Total Security 64 bit 17.00 (QHTS64.exe), (QHTSFT64.exe) - Version 10.0.1.38; Quick Heal Total Security 32 bit 17.00 (QHTS32.exe), (QHTSFT32.exe) - Version 10.0.1.38; Quick Heal Internet Security 64 bit 17.00 (QHIS64.exe), (QHISFT64.exe) - Version 10.0.0.37; Quick Heal Internet Security 32 bit 17.00 (QHIS32.exe), (QHISFT32.exe) - Version 10.0.0.37; Quick Heal AntiVirus Pro 64 bit 17.00 (QHAV64.exe), (QHAVFT64.exe) - Version 10.0.0.37; and Quick Heal AntiVirus Pro 32 bit 17.00 (QHAV32.exe), (QHAVFT32.exe) - Version 10.0.0.37 allow DLL Hijacking because of Insecure Library Loading. | ||||
| CVE-2018-8088 | 3 Oracle, Qos, Redhat | 23 Goldengate Application Adapters, Goldengate Stream Analytics, Utilities Framework and 20 more | 2024-11-21 | 9.8 Critical |
| org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. | ||||
| CVE-2018-8087 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-11-21 | N/A |
| Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. | ||||
| CVE-2018-8078 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | ||||
| CVE-2018-8076 | 1 Zenmate | 1 Zenmate | 2024-11-21 | N/A |
| ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. In recent versions of macOS and OS X, Apple has implemented an internal check to prevent such XPC API abuse from occurring, thus making this vulnerability only result in a denial of service if exploited by an attacker. | ||||
| CVE-2018-8074 | 1 Yiiframework | 1 Yii | 2024-11-21 | N/A |
| Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension. | ||||
| CVE-2018-8073 | 1 Yiiframework | 1 Yii | 2024-11-21 | N/A |
| Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension. | ||||