Search Results (348656 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18907 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. | ||||
| CVE-2018-18903 | 1 Vanillaforums | 1 Vanilla | 2024-11-21 | N/A |
| Vanilla 2.6.x before 2.6.4 allows remote code execution. | ||||
| CVE-2018-18898 | 4 Bestpractical, Canonical, Debian and 1 more | 4 Request Tracker, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 7.5 High |
| The email-ingestion feature in Best Practical Request Tracker 4.1.13 through 4.4 allows denial of service by remote attackers via an algorithmic complexity attack on email address parsing. | ||||
| CVE-2018-18897 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. | ||||
| CVE-2018-18894 | 1 Lexmark | 98 6500e, 6500e Firmware, C748 and 95 more | 2024-11-21 | 7.5 High |
| Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. | ||||
| CVE-2018-18893 | 1 Hubspot | 1 Jinjava | 2024-11-21 | N/A |
| Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java. | ||||
| CVE-2018-18892 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php. | ||||
| CVE-2018-18891 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. | ||||
| CVE-2018-18890 | 1 1234n | 1 Minicms | 2024-11-21 | N/A |
| MiniCMS 1.10 allows full path disclosure via /mc-admin/post.php?state=delete&delete= with an invalid filename. | ||||
| CVE-2018-18888 | 1 Laravelcms Project | 1 Laravelcms | 2024-11-21 | N/A |
| An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed. | ||||
| CVE-2018-18887 | 1 S-cms | 1 S-cms | 2024-11-21 | N/A |
| S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). | ||||
| CVE-2018-18886 | 1 Helpy.io | 1 Helpy | 2024-11-21 | 6.1 Medium |
| Helpy v2.1.0 has Stored XSS via the Ticket title. | ||||
| CVE-2018-18883 | 1 Xen | 1 Xen | 2024-11-21 | N/A |
| An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted. | ||||
| CVE-2018-18882 | 1 Controlbyweb | 2 X-320m-i, X-320m-i Firmware | 2024-11-21 | N/A |
| A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. | ||||
| CVE-2018-18881 | 1 Controlbyweb | 2 X-320m-i, X-320m-i Firmware | 2024-11-21 | N/A |
| A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. | ||||
| CVE-2018-18880 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a networkdiags.php reflected Cross-site scripting (XSS) vulnerability allows remote authenticated users to inject arbitrary web script. | ||||
| CVE-2018-18879 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php. | ||||
| CVE-2018-18878 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, the BACnet daemon does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. | ||||
| CVE-2018-18877 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page config_main.php that allows manipulation of the device. | ||||
| CVE-2018-18876 | 1 Columbiaweather | 2 Weather Microserver, Weather Microserver Firmware | 2024-11-21 | N/A |
| In firmware version MS_2.6.9900 of Columbia Weather MicroServer, a readouts_rd.php directory traversal issue makes it possible to read any file present on the underlying operating system. | ||||