Export limit exceeded: 349372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349372 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25015 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8. | ||||
| CVE-2018-25014 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.8 Critical |
| A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). | ||||
| CVE-2018-25013 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | ||||
| CVE-2018-25012 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | ||||
| CVE-2018-25011 | 2 Redhat, Webmproject | 4 Enterprise Linux, Rhel Eus, Rhmt and 1 more | 2024-11-21 | 9.8 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | ||||
| CVE-2018-25010 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | ||||
| CVE-2018-25009 | 2 Redhat, Webmproject | 2 Enterprise Linux, Libwebp | 2024-11-21 | 9.1 Critical |
| A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | ||||
| CVE-2018-25008 | 1 Rust-lang | 1 Rust | 2024-11-21 | 5.9 Medium |
| In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions. | ||||
| CVE-2018-25007 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 2.6 Low |
| Missing check in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.5 (Vaadin 10.0.0 through 10.0.7, and 11.0.0 through 11.0.2) allows attacker to update element property values via crafted synchronization message. | ||||
| CVE-2018-25004 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 4.9 Medium |
| A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects MongoDB Server v4.0 versions prior to 4.0.6 and MongoDB Server v3.6 versions prior to 3.6.11. | ||||
| CVE-2018-25002 | 1 Sunhater | 1 Kcfinder | 2024-11-21 | 8.8 High |
| uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2018-25001 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free. | ||||
| CVE-2018-21270 | 2 Nodejs, Redhat | 2 Node.js, Quay | 2024-11-21 | 6.5 Medium |
| Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x). | ||||
| CVE-2018-21269 | 1 Openrc Project | 1 Openrc | 2024-11-21 | 5.5 Medium |
| checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink. | ||||
| CVE-2018-21268 | 1 Traceroute Project | 1 Traceroute | 2024-11-21 | 10 Critical |
| The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character. | ||||
| CVE-2018-21265 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications). | ||||
| CVE-2018-21264 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 8.8 High |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. | ||||
| CVE-2018-21263 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 8.8 High |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. | ||||
| CVE-2018-21262 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | ||||
| CVE-2018-21261 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges. | ||||