Export limit exceeded: 349372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349372 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20664 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | ||||
| CVE-2018-20663 | 1 Haulmont | 2 Cuba Platform, Reporting | 2024-11-21 | N/A |
| The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field. | ||||
| CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 6.5 Medium |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | ||||
| CVE-2018-20659 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A |
| An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls. | ||||
| CVE-2018-20658 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | N/A |
| The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command. | ||||
| CVE-2018-20657 | 3 F5, Gnu, Redhat | 3 Traffix Signaling Delivery Controller, Binutils, Enterprise Linux | 2024-11-21 | N/A |
| The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. | ||||
| CVE-2018-20652 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | N/A |
| An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception. | ||||
| CVE-2018-20651 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A |
| A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld. | ||||
| CVE-2018-20650 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-11-21 | 6.5 Medium |
| A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | ||||
| CVE-2018-20648 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | N/A |
| PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php. | ||||
| CVE-2018-20647 | 1 Car Rental Script Project | 1 Car Rental Script | 2024-11-21 | N/A |
| PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory. | ||||
| CVE-2018-20646 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2024-11-21 | N/A |
| PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory. | ||||
| CVE-2018-20645 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2024-11-21 | N/A |
| PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field. | ||||
| CVE-2018-20644 | 1 Basic B2b Script Project | 1 Basic B2b Script | 2024-11-21 | N/A |
| PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature. | ||||
| CVE-2018-20643 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | N/A |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | ||||
| CVE-2018-20642 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | N/A |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field. | ||||
| CVE-2018-20641 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | N/A |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature. | ||||
| CVE-2018-20640 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | N/A |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has stored Cross-Site Scripting (XSS) via the Full Name field. | ||||
| CVE-2018-20639 | 1 Entrepreneur Job Portal Script Project | 1 Entrepreneur Job Portal Script | 2024-11-21 | N/A |
| PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar. | ||||
| CVE-2018-20638 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | N/A |
| PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory. | ||||