Search Results (349888 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20783 | 3 Opensuse, Php, Redhat | 4 Leap, Php, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in ext/phar/phar.c. | ||||
| CVE-2018-20782 | 1 Globee | 1 Woocommerce | 2024-11-21 | N/A |
| The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. | ||||
| CVE-2018-20781 | 3 Canonical, Gnome, Oracle | 3 Ubuntu Linux, Gnome Keyring, Zfs Storage Appliance Kit | 2024-11-21 | 7.8 High |
| In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. | ||||
| CVE-2018-20780 | 1 Traq | 1 Traq | 2024-11-21 | N/A |
| Traq 3.7.1 allows admin/users/new CSRF to create an admin account (aka group_id=1). | ||||
| CVE-2018-20779 | 1 Traq | 1 Traq | 2024-11-21 | N/A |
| Traq 3.7.1 allows SQL Injection via a tickets?search= URI. | ||||
| CVE-2018-20778 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element. | ||||
| CVE-2018-20777 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field. | ||||
| CVE-2018-20776 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 provides a directory listing for a /public request. | ||||
| CVE-2018-20775 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | ||||
| CVE-2018-20774 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field. | ||||
| CVE-2018-20773 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | ||||
| CVE-2018-20772 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | ||||
| CVE-2018-20771 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | N/A |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution. | ||||
| CVE-2018-20770 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | N/A |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is Blind SQL Injection. | ||||
| CVE-2018-20769 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | N/A |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is a Local File Inclusion vulnerability. | ||||
| CVE-2018-20768 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | N/A |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file. | ||||
| CVE-2018-20767 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | N/A |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution. | ||||
| CVE-2018-20764 | 2 Helpsystems, Linux | 2 Boks, Linux Kernel | 2024-11-21 | N/A |
| A buffer overflow exists in HelpSystems tcpcrypt on Linux, used for BoKS encrypted telnet through BoKS version 6.7.1. Since tcpcrypt is setuid, exploitation leads to privilege escalation. | ||||
| CVE-2018-20763 | 3 Canonical, Debian, Gpac Project | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-11-21 | N/A |
| In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking. | ||||
| CVE-2018-20762 | 3 Canonical, Debian, Gpac Project | 3 Ubuntu Linux, Debian Linux, Gpac | 2024-11-21 | N/A |
| GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames. | ||||