Export limit exceeded: 349399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349399 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20749 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 9.8 Critical |
| LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. | ||||
| CVE-2018-20748 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 9.8 Critical |
| LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. | ||||
| CVE-2018-20745 | 1 Yiiframework | 1 Yii | 2024-11-21 | N/A |
| Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. | ||||
| CVE-2018-20744 | 1 Go Cors Project | 1 Go Cors | 2024-11-21 | N/A |
| The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems. | ||||
| CVE-2018-20743 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-11-21 | N/A |
| murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | ||||
| CVE-2018-20742 | 1 Ucbrise | 1 Opaque | 2024-11-21 | N/A |
| An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. There is no boundary check on ocall_malloc. The return value could be a pointer to enclave memory. It could cause an arbitrary enclave memory write. | ||||
| CVE-2018-20737 | 1 Wso2 | 3 Api Manager, Identity Server, Identity Server As Key Manager | 2024-11-21 | N/A |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. | ||||
| CVE-2018-20736 | 1 Wso2 | 1 Api Manager | 2024-11-21 | N/A |
| An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. | ||||
| CVE-2018-20735 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | N/A |
| An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration | ||||
| CVE-2018-20733 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-11-21 | N/A |
| BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | ||||
| CVE-2018-20732 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-11-21 | N/A |
| SAS Web Infrastructure Platform before 9.4M6 allows remote attackers to execute arbitrary code via a Java deserialization variant. | ||||
| CVE-2018-20731 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php. | ||||
| CVE-2018-20730 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component. | ||||
| CVE-2018-20729 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php. | ||||
| CVE-2018-20728 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php. | ||||
| CVE-2018-20727 | 1 Nedi | 1 Nedi | 2024-11-21 | N/A |
| Multiple command injection vulnerabilities in NeDi before 1.7Cp3 allow authenticated users to execute code on the server side via the flt parameter to Nodes-Traffic.php, the dv parameter to Devices-Graph.php, or the tit parameter to drawmap.php. | ||||
| CVE-2018-20726 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. | ||||
| CVE-2018-20725 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. | ||||
| CVE-2018-20724 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. | ||||
| CVE-2018-20723 | 1 Cacti | 1 Cacti | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. | ||||