Search Results (349443 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2018-21251 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 9.8 Critical | An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body. |
| CVE-2018-21250 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.5 Medium | An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. |
| CVE-2018-21249 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.7 Low | An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing. |
| CVE-2018-21248 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High | An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. |
| CVE-2018-21247 | 6 Canonical, Debian, Libvnc Project and 3 more | 17 Ubuntu Linux, Debian Linux, Libvncserver and 14 more | 2024-11-21 | 7.5 High | An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. |
| CVE-2018-21246 | 1 Caddyserver | 1 Caddy | 2024-11-21 | 9.8 Critical | Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. |
| CVE-2018-21245 | 1 Apsis | 1 Pound | 2024-11-21 | 9.1 Critical | Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711. |
| CVE-2018-21244 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 9.8 Critical | An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029. |
| CVE-2018-21243 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 6.5 Medium | An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM object mishandling when Microsoft Word is used. |
| CVE-2018-21242 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 9.8 Critical | An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action. |
| CVE-2018-21241 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 7.8 High | An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. |
| CVE-2018-21240 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 7.5 High | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. |
| CVE-2018-21239 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 5.3 Medium | An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows NTLM credential theft via a GoToE or GoToR action. |
| CVE-2018-21238 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 7.5 High | An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. |
| CVE-2018-21237 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 5.3 Medium | An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NTLM credential theft via a GoToE or GoToR action. |
| CVE-2018-21236 | 1 Foxitsoftware | 1 Reader | 2024-11-21 | 7.5 High | An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. |
| CVE-2018-21235 | 1 Foxitsoftware | 1 E-mail Advertising System | 2024-11-21 | 7.5 High | An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer. |
| CVE-2018-21234 | 2 Apache, Jodd | 2 Hive, Jodd | 2024-11-21 | 9.8 Critical | Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set. |
| CVE-2018-21233 | 1 Google | 1 Tensorflow | 2024-11-21 | 6.5 Medium | TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc. |
| CVE-2018-21232 | 1 Re2c | 1 Re2c | 2024-11-21 | 5.5 Medium | re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags. |