Search Results (349374 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20716 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
| CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. | ||||
| CVE-2018-20715 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | N/A |
| The DB abstraction layer of OXID eSales 4.10.6 is vulnerable to SQL injection via the oxid or synchoxid parameter to the oxConfig::getRequestParameter() method in core/oxconfig.php. | ||||
| CVE-2018-20714 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A |
| The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. | ||||
| CVE-2018-20713 | 1 Shopware | 1 Shopware | 2024-11-21 | N/A |
| Shopware before 5.4.3 allows SQL Injection by remote authenticated users, aka SW-21404. | ||||
| CVE-2018-20712 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt. | ||||
| CVE-2018-20703 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
| CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string. | ||||
| CVE-2018-20699 | 2 Docker, Redhat | 3 Engine, Enterprise Linux Server, Rhel Extras Other | 2024-11-21 | N/A |
| Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go. | ||||
| CVE-2018-20698 | 1 Search-guard | 1 Search Guard | 2024-11-21 | N/A |
| The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set. | ||||
| CVE-2018-20687 | 1 Raritan | 1 Commandcenter Secure Gateway | 2024-11-21 | 9.8 Critical |
| An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
| CVE-2018-20684 | 1 Winscp | 1 Winscp | 2024-11-21 | N/A |
| In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp. | ||||
| CVE-2018-20683 | 1 Gitolite | 1 Gitolite | 2024-11-21 | N/A |
| commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. | ||||
| CVE-2018-20682 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | N/A |
| Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). | ||||
| CVE-2018-20681 | 1 Mate-desktop | 1 Mate-screensaver | 2024-11-21 | N/A |
| mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse. | ||||
| CVE-2018-20680 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. | ||||
| CVE-2018-20678 | 1 Librenms | 1 Librenms | 2024-11-21 | N/A |
| LibreNMS through 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search. | ||||
| CVE-2018-20677 | 2 Getbootstrap, Redhat | 8 Bootstrap, Ceph Storage, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. | ||||
| CVE-2018-20676 | 2 Getbootstrap, Redhat | 8 Bootstrap, Ceph Storage, Enterprise Linux and 5 more | 2024-11-21 | N/A |
| In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. | ||||
| CVE-2018-20675 | 1 Dlink | 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more | 2024-11-21 | 9.8 Critical |
| D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authentication bypass. | ||||
| CVE-2018-20674 | 1 Dlink | 8 Dir-822, Dir-822-us, Dir-822-us Firmware and 5 more | 2024-11-21 | N/A |
| D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before v3.11B01Beta, DIR-850L A* before v1.21B08Beta, DIR-850L B* before v2.22B03Beta, and DIR-880L A* before v1.20B02Beta devices allow authenticated remote command execution. | ||||
| CVE-2018-20673 | 2 Gnu, Redhat | 2 Binutils, Enterprise Linux | 2024-11-21 | N/A |
| The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. | ||||