Export limit exceeded: 348713 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348713 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348713 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348713 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348713 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19508 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | N/A |
| CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI. | ||||
| CVE-2018-19507 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | N/A |
| CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI. | ||||
| CVE-2018-19506 | 1 Zurmo | 1 Zurmo | 2024-11-21 | N/A |
| Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI. | ||||
| CVE-2018-19505 | 1 Bmc | 1 Remedy Action Request System Server | 2024-11-21 | N/A |
| Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component allows a username substitution involving a UserData_Init call. | ||||
| CVE-2018-19504 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2024-11-21 | N/A |
| An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There is a NULL pointer dereference in ifilter_bank() in libfaad/filtbank.c. | ||||
| CVE-2018-19503 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2024-11-21 | N/A |
| An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a stack-based buffer overflow in the function calculate_gain() in libfaad/sbr_hfadj.c. | ||||
| CVE-2018-19502 | 1 Audiocoding | 1 Freeware Advanced Audio Decoder 2 | 2024-11-21 | N/A |
| An issue was discovered in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.1. There was a heap-based buffer overflow in the function excluded_channels() in libfaad/syntax.c. | ||||
| CVE-2018-19499 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | N/A |
| Vanilla before 2.5.5 and 2.6.x before 2.6.2 allows Remote Code Execution because authenticated administrators have a reachable call to unserialize in the Gdn_Format class. | ||||
| CVE-2018-19498 | 1 Simplenia | 1 Pages | 2024-11-21 | N/A |
| The Simplenia Pages plugin 2.6.0 for Atlassian Bitbucket Server has XSS. | ||||
| CVE-2018-19497 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2024-11-21 | 6.5 Medium |
| In The Sleuth Kit (TSK) through 4.6.4, hfs_cat_traverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service (SEGV on unknown address with READ memory access in a tsk_getu16 call in hfs_dir_open_meta_cb in tsk/fs/hfs_dent.c). | ||||
| CVE-2018-19496 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x and 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access control vulnerability that permits a user with insufficient privileges to promote a project milestone to a group milestone. | ||||
| CVE-2018-19495 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration. | ||||
| CVE-2018-19494 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an incorrect access vulnerability that allows an unauthorized user to view private group names. | ||||
| CVE-2018-19493 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding. | ||||
| CVE-2018-19492 | 3 Debian, Gnuplot, Opensuse | 3 Debian Linux, Gnuplot, Leap | 2024-11-21 | N/A |
| An issue was discovered in cairo.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the cairotrm_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot pngcairo terminal is used as a backend. | ||||
| CVE-2018-19491 | 3 Debian, Gnuplot, Opensuse | 3 Debian Linux, Gnuplot, Leap | 2024-11-21 | N/A |
| An issue was discovered in post.trm in Gnuplot 5.2.5. This issue allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the PS_options function. This flaw is caused by a missing size check of an argument passed to the "set font" function. This issue occurs when the Gnuplot postscript terminal is used as a backend. | ||||
| CVE-2018-19490 | 3 Debian, Gnuplot, Opensuse | 3 Debian Linux, Gnuplot, Leap | 2024-11-21 | N/A |
| An issue was discovered in datafile.c in Gnuplot 5.2.5. This issue allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in df_generate_ascii_array_entry. To exploit this vulnerability, an attacker must pass an overlong string as the right bound of the range argument that is passed to the plot function. | ||||
| CVE-2018-19489 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 4.7 Medium |
| v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. | ||||
| CVE-2018-19488 | 1 Wp-jobhunt Project | 1 Wp-jobhunt | 2024-11-21 | N/A |
| The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_reset_pass() function through the admin-ajax.php file, which allows remote unauthenticated attackers to reset the password of a user's account. | ||||
| CVE-2018-19487 | 1 Wp-jobhunt Project | 1 Wp-jobhunt | 2024-11-21 | N/A |
| The WP-jobhunt plugin before version 2.4 for WordPress does not control AJAX requests sent to the cs_employer_ajax_profile() function through the admin-ajax.php file, which allows remote unauthenticated attackers to enumerate information about users. | ||||