Export limit exceeded: 350469 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350469 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350469 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5332 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). | ||||
| CVE-2018-5331 | 1 Discuz | 1 Discuzx | 2024-11-21 | N/A |
| Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | ||||
| CVE-2018-5330 | 1 Zyxel | 2 P-660hw V3, P-660hw V3 Firmware | 2024-11-21 | N/A |
| ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. | ||||
| CVE-2018-5329 | 1 Beims | 1 Contractorweb.net | 2024-11-21 | N/A |
| ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. | ||||
| CVE-2018-5328 | 1 Beims | 1 Contractorweb.net | 2024-11-21 | N/A |
| ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details. | ||||
| CVE-2018-5327 | 2 Cmcm, Google | 2 Armorfly Browser \& Downloader, Android | 2024-11-21 | N/A |
| Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | ||||
| CVE-2018-5326 | 2 Cmcm, Google | 2 Cm Browser, Android | 2024-11-21 | N/A |
| Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | ||||
| CVE-2018-5319 | 1 Ravpower | 1 Filehub Firmware | 2024-11-21 | N/A |
| RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. | ||||
| CVE-2018-5316 | 1 Patsatech | 1 Sagepay Server Gateway For Woocommerce | 2024-11-21 | N/A |
| The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. | ||||
| CVE-2018-5315 | 1 Wp Events Calendar Project | 1 Wp Events Calendar | 2024-11-21 | N/A |
| The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php. | ||||
| CVE-2018-5314 | 1 Citrix | 3 Netscaler Application Delivery Controller, Netscaler Gateway, Netscaler Sd-wan | 2024-11-21 | N/A |
| Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. | ||||
| CVE-2018-5313 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | N/A |
| A vulnerability allows local attackers to escalate privilege on Rapid Scada 5.5.0 because of weak C:\SCADA permissions. The specific flaw exists within the access control that is set and modified during the installation of the product. The product sets weak access control restrictions. An attacker can leverage this vulnerability to execute arbitrary code under the context of Administrator, the IUSR account, or SYSTEM. | ||||
| CVE-2018-5312 | 1 Wpshopmart | 1 Tabs Responsive | 2024-11-21 | N/A |
| The tabs-responsive plugin 1.8.0 for WordPress has XSS via the post_title parameter to wp-admin/post.php. | ||||
| CVE-2018-5311 | 1 Tonjoostudio | 1 Easy Custom Auto Excerpt | 2024-11-21 | N/A |
| The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the tonjoo_ecae_options[custom_css] parameter to the wp-admin/admin.php?page=tonjoo_excerpt URI. | ||||
| CVE-2018-5310 | 1 Media From Ftp Project | 1 Media From Ftp | 2024-11-21 | N/A |
| In the "Media from FTP" plugin before 9.85 for WordPress, Directory Traversal exists via the searchdir parameter to the wp-admin/admin.php?page=mediafromftp-search-register URI. | ||||
| CVE-2018-5309 | 1 Podofo Project | 1 Podofo | 2024-11-21 | N/A |
| In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file. | ||||
| CVE-2018-5308 | 1 Podofo Project | 1 Podofo | 2024-11-21 | N/A |
| PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file. | ||||
| CVE-2018-5307 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. | ||||
| CVE-2018-5306 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. | ||||
| CVE-2018-5304 | 1 Impinj | 2 R420 Rfid Reader, R420 Rfid Reader Firmware | 2024-11-21 | N/A |
| An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or perform other malicious actions. | ||||