Search Results (350460 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20090 | 1 Cloudera | 1 Data Science Workbench | 2024-11-21 | 8.3 High |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. | ||||
| CVE-2018-20073 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Use of extended attributes in downloads in Google Chrome prior to 72.0.3626.81 allowed a local attacker to read download URLs via the filesystem. | ||||
| CVE-2018-20071 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controlled files via a crafted HTML page. | ||||
| CVE-2018-20070 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | ||||
| CVE-2018-20069 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-11-21 | N/A |
| Failure to prevent navigation to top frame to data URLs in Navigation in Google Chrome on iOS prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | ||||
| CVE-2018-20068 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | ||||
| CVE-2018-20067 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80, which allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page. | ||||
| CVE-2018-20066 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2018-20065 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file. | ||||
| CVE-2018-20064 | 1 Doorgets | 1 Doorgets | 2024-11-21 | N/A |
| doorGets 7.0 allows remote attackers to write to arbitrary files via directory traversal, as demonstrated by a dg-user/?controller=theme&action=edit&name=doorgets&file=../../1.txt%00 URI with content in the theme_content_nofi parameter. | ||||
| CVE-2018-20063 | 1 Gurock | 1 Testrail | 2024-11-21 | N/A |
| An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration). | ||||
| CVE-2018-20061 | 1 Frappe | 1 Erpnext | 2024-11-21 | N/A |
| A SQL injection issue was discovered in ERPNext 10.x and 11.x through 11.0.3-beta.29. This attack is only available to a logged-in user; however, many ERPNext sites allow account creation via the web. No special privileges are needed to conduct the attack. By calling a JavaScript function that calls a server-side Python function with carefully chosen arguments, a SQL attack can be carried out which allows SQL queries to be constructed to return any columns from any tables in the database. This is related to /api/resource/Item?fields= URIs, frappe.get_list, and frappe.call. | ||||
| CVE-2018-20059 | 1 Pippo | 1 Pippo | 2024-11-21 | N/A |
| jaxb/JaxbEngine.java in Pippo 1.11.0 allows XXE. | ||||
| CVE-2018-20058 | 1 Evernote | 1 Evernote | 2024-11-21 | N/A |
| In Evernote before 7.6 on macOS, there is a local file path traversal issue in attachment previewing, aka MACOSNOTE-28634. | ||||
| CVE-2018-20057 | 2 D-link, Dlink | 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more | 2024-11-21 | N/A |
| An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter. | ||||
| CVE-2018-20056 | 2 D-link, Dlink | 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more | 2024-11-21 | N/A |
| An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. | ||||
| CVE-2018-20053 | 1 Cerner | 2 Connectivity Engine 4, Connectivity Engine 4 Firmware | 2024-11-21 | N/A |
| An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network. | ||||
| CVE-2018-20052 | 1 Cerner | 2 Connectivity Engine 4, Connectivity Engine 4 Firmware | 2024-11-21 | N/A |
| An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The user running the main CCE firmware has NOPASSWD sudo privileges to several utilities that could be used to escalate privileges to root. One example is the "sudo ln -s /tmp/script /etc/cron.hourly/script" command. | ||||
| CVE-2018-20051 | 1 Qacctv | 2 Jooan Ja-q1h Wi-fi Camera, Jooan Ja-q1h Wi-fi Camera Firmware | 2024-11-21 | N/A |
| Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on. | ||||
| CVE-2018-20050 | 1 Qacctv | 2 Jooan Ja-q1h Wi-fi Camera, Jooan Ja-q1h Wi-fi Camera Firmware | 2024-11-21 | N/A |
| Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method. | ||||