Export limit exceeded: 349367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349367 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19624 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference. | ||||
| CVE-2018-19623 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.c by disallowing certain negative values. | ||||
| CVE-2018-19622 | 3 Debian, Redhat, Wireshark | 3 Debian Linux, Enterprise Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows. | ||||
| CVE-2018-19621 | 1 Showdoc | 1 Showdoc | 2024-11-21 | N/A |
| server/index.php?s=/api/teamMember/save in ShowDoc 2.4.2 has a CSRF that can add members to a team. | ||||
| CVE-2018-19620 | 1 Showdoc | 1 Showdoc | 2024-11-21 | N/A |
| ShowDoc 2.4.1 allows remote attackers to edit other users' notes by navigating with a modified page_id. | ||||
| CVE-2018-19616 | 1 Rockwellautomation | 2 Powermonitor 1000, Powermonitor 1000 Firmware | 2024-11-21 | N/A |
| An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element. | ||||
| CVE-2018-19615 | 1 Rockwellautomation | 2 Powermonitor 1000, Powermonitor 1000 Firmware | 2024-11-21 | 6.1 Medium |
| Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted userâs web browser to gain access to the affected device. | ||||
| CVE-2018-19614 | 1 Westermo | 6 Dr-250, Dr-250 Firmware, Dr-260 and 3 more | 2024-11-21 | N/A |
| XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers. | ||||
| CVE-2018-19613 | 1 Westermo | 6 Dr-250, Dr-250 Firmware, Dr-260 and 3 more | 2024-11-21 | N/A |
| Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF. | ||||
| CVE-2018-19612 | 1 Westermo | 6 Dr-250, Dr-250 Firmware, Dr-260 and 3 more | 2024-11-21 | N/A |
| The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code. | ||||
| CVE-2018-19609 | 1 Showdoc | 1 Showdoc | 2024-11-21 | N/A |
| ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL. | ||||
| CVE-2018-19608 | 1 Arm | 1 Mbed Tls | 2024-11-21 | N/A |
| Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites. | ||||
| CVE-2018-19607 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| Exiv2::isoSpeed in easyaccess.cpp in Exiv2 v0.27-RC2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. | ||||
| CVE-2018-19601 | 1 Rhymix | 1 Rhymix | 2024-11-21 | N/A |
| Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | ||||
| CVE-2018-19600 | 1 Rhymix | 1 Rhymix | 2024-11-21 | N/A |
| Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | ||||
| CVE-2018-19599 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 5.4 Medium |
| Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product. | ||||
| CVE-2018-19598 | 1 Statamic | 1 Statamic | 2024-11-21 | N/A |
| Statamic 2.10.3 allows XSS via First Name or Last Name to the /users URI in an 'Add new user' request. | ||||
| CVE-2018-19597 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. | ||||
| CVE-2018-19596 | 1 Zurmo | 1 Zurmo | 2024-11-21 | N/A |
| Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506. | ||||
| CVE-2018-19595 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A |
| PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. | ||||