Export limit exceeded: 347889 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347889 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17612 | 2 Microsoft, Sennheiser | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2024-11-21 | N/A |
| Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted. | ||||
| CVE-2018-17611 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | N/A |
| Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | ||||
| CVE-2018-17610 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | N/A |
| Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | ||||
| CVE-2018-17609 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | N/A |
| Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | ||||
| CVE-2018-17608 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | N/A |
| Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | ||||
| CVE-2018-17607 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | N/A |
| Foxit PhantomPDF and Reader before 9.3 allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) because properties of Annotation objects are mishandled. This relates to one of five distinct types of Annotation objects. | ||||
| CVE-2018-17605 | 1 Asset Pipeline Project | 1 Asset-pipeline | 2024-11-21 | N/A |
| An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in AssetPipelineFilter.groovy or AssetPipelineFilterCore.groovy. | ||||
| CVE-2018-17596 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | N/A |
| In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter. | ||||
| CVE-2018-17595 | 1 Fork-cms | 1 Fork Cms | 2024-11-21 | N/A |
| In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. | ||||
| CVE-2018-17594 | 1 Airties | 2 Air 5443v2, Air 5443v2 Firmware | 2024-11-21 | N/A |
| AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | ||||
| CVE-2018-17593 | 1 Airties | 2 Air 5453, Air 5453 Firmware | 2024-11-21 | N/A |
| AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | ||||
| CVE-2018-17591 | 1 Airties | 2 Air 5343v2, Air 5343v2 Firmware | 2024-11-21 | N/A |
| AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | ||||
| CVE-2018-17590 | 1 Airties | 2 Air 5442, Air 5442 Firmware | 2024-11-21 | N/A |
| AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | ||||
| CVE-2018-17589 | 1 Airties | 2 Air 5650, Air 5650 Firmware | 2024-11-21 | N/A |
| AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | ||||
| CVE-2018-17588 | 1 Airties | 2 Air 5021, Air 5021 Firmware | 2024-11-21 | N/A |
| AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | ||||
| CVE-2018-17587 | 1 Airties | 2 Air 5750, Air 5750 Firmware | 2024-11-21 | N/A |
| AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. | ||||
| CVE-2018-17586 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | N/A |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action. | ||||
| CVE-2018-17585 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | N/A |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter. | ||||
| CVE-2018-17584 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | N/A |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has CSRF via the wp-admin/admin.php wpfastestcacheoptions page. | ||||
| CVE-2018-17583 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2024-11-21 | N/A |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action. | ||||