Export limit exceeded: 349896 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349896 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349896 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5339 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. | ||||
| CVE-2018-5338 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. | ||||
| CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | ||||
| CVE-2018-5336 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. | ||||
| CVE-2018-5335 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. | ||||
| CVE-2018-5334 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. | ||||
| CVE-2018-5333 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | N/A |
| In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. | ||||
| CVE-2018-5332 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). | ||||
| CVE-2018-5331 | 1 Discuz | 1 Discuzx | 2024-11-21 | N/A |
| Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | ||||
| CVE-2018-5330 | 1 Zyxel | 2 P-660hw V3, P-660hw V3 Firmware | 2024-11-21 | N/A |
| ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. | ||||
| CVE-2018-5329 | 1 Beims | 1 Contractorweb.net | 2024-11-21 | N/A |
| ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. | ||||
| CVE-2018-5328 | 1 Beims | 1 Contractorweb.net | 2024-11-21 | N/A |
| ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details. | ||||
| CVE-2018-5327 | 2 Cmcm, Google | 2 Armorfly Browser \& Downloader, Android | 2024-11-21 | N/A |
| Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | ||||
| CVE-2018-5326 | 2 Cmcm, Google | 2 Cm Browser, Android | 2024-11-21 | N/A |
| Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | ||||
| CVE-2018-5319 | 1 Ravpower | 1 Filehub Firmware | 2024-11-21 | N/A |
| RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. | ||||
| CVE-2018-5316 | 1 Patsatech | 1 Sagepay Server Gateway For Woocommerce | 2024-11-21 | N/A |
| The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. | ||||
| CVE-2018-5315 | 1 Wp Events Calendar Project | 1 Wp Events Calendar | 2024-11-21 | N/A |
| The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php. | ||||
| CVE-2018-5314 | 1 Citrix | 3 Netscaler Application Delivery Controller, Netscaler Gateway, Netscaler Sd-wan | 2024-11-21 | N/A |
| Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. | ||||
| CVE-2018-5313 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | N/A |
| A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. | ||||
| CVE-2018-5312 | 1 Wpshopmart | 1 Tabs Responsive | 2024-11-21 | N/A |
| The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php. | ||||