Search Results (349277 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20148 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | N/A |
| In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php. | ||||
| CVE-2018-20147 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | N/A |
| In WordPress before 4.9.9 and 5.x before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files. | ||||
| CVE-2018-20146 | 1 Liquidware | 2 Flexapp, Profileunity | 2024-11-21 | N/A |
| An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell. | ||||
| CVE-2018-20145 | 1 Eclipse | 1 Mosquitto | 2024-11-21 | N/A |
| Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored. | ||||
| CVE-2018-20144 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab Community and Enterprise Edition 11.x before 11.3.13, 11.4.x before 11.4.11, and 11.5.x before 11.5.4 has Incorrect Access Control. | ||||
| CVE-2018-20141 | 1 Abantecart | 1 Abantecart | 2024-11-21 | N/A |
| AbanteCart 1.2.12 has reflected cross-site scripting (XSS) via the sort parameter, as demonstrated by a /apparel--accessories?sort= substring. | ||||
| CVE-2018-20140 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | N/A |
| Zenphoto 1.4.14 has multiple cross-site scripting (XSS) vulnerabilities via different URL parameters. | ||||
| CVE-2018-20138 | 1 Readymadeb2bscript | 1 Entrepreneur B2b Script | 2024-11-21 | 5.4 Medium |
| PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541. | ||||
| CVE-2018-20137 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A |
| XSS exists in FUEL CMS 1.4.3 via the Page title, Meta description, or Meta keywords during page data management, as demonstrated by the pages/edit/1?lang=english URI. | ||||
| CVE-2018-20136 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A |
| XSS exists in FUEL CMS 1.4.3 via the Header or Body in the Layout Variables during new-page creation, as demonstrated by the pages/edit/1?lang=english URI. | ||||
| CVE-2018-20135 | 1 Samsung | 1 Galaxy Apps | 2024-11-21 | N/A |
| Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071. | ||||
| CVE-2018-20133 | 1 Ymlref Project | 1 Ymlref | 2024-11-21 | N/A |
| ymlref allows code injection. | ||||
| CVE-2018-20131 | 2 Code42, Linux | 2 Code42, Linux Kernel | 2024-11-21 | N/A |
| The Code42 app before 6.8.4, as used in Code42 for Enterprise, on Linux installs with overly permissive permissions on the /usr/local/crashplan/log directory. This allows a user to manipulate symbolic links to escalate privileges, or show the contents of sensitive files that a regular user would not have access to. | ||||
| CVE-2018-20129 | 1 Dedecms | 1 Dedecms | 2024-11-21 | N/A |
| An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value. | ||||
| CVE-2018-20128 | 1 Usualtool | 1 Usualtoolcms | 2024-11-21 | N/A |
| An issue was discovered in UsualToolCMS v8.0. cmsadmin\a_sqlback.php allows remote attackers to delete arbitrary files via a backname[] directory-traversal pathname followed by a crafted substring. | ||||
| CVE-2018-20127 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 7.5 High |
| An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds. | ||||
| CVE-2018-20126 | 3 Canonical, Opensuse, Qemu | 3 Ubuntu Linux, Leap, Qemu | 2024-11-21 | 5.5 Medium |
| hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. | ||||
| CVE-2018-20125 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2024-11-21 | 7.5 High |
| hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. | ||||
| CVE-2018-20124 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2024-11-21 | 5.5 Medium |
| hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value. | ||||
| CVE-2018-20123 | 3 Canonical, Fedoraproject, Qemu | 3 Ubuntu Linux, Fedora, Qemu | 2024-11-21 | 5.5 Medium |
| pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error. | ||||