Search Results (347832 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17282 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference. | ||||
| CVE-2018-17281 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-11-21 | N/A |
| There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. | ||||
| CVE-2018-17256 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | N/A |
| Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vulnerability is exploited when updating or removing public access of a content. | ||||
| CVE-2018-17254 | 1 Arkextensions | 1 Jck Editor | 2024-11-21 | 9.8 Critical |
| The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. | ||||
| CVE-2018-17247 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | N/A |
| Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to. | ||||
| CVE-2018-17246 | 2 Elastic, Redhat | 3 Kibana, Openshift, Openshift Container Platform | 2024-11-21 | N/A |
| Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | ||||
| CVE-2018-17245 | 1 Elastic | 1 Kibana | 2024-11-21 | N/A |
| Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider. | ||||
| CVE-2018-17244 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | N/A |
| Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive headers intended for another request if the same username is being authenticated concurrently; when used with run as, this can result in the request running as the incorrect user. This could allow a user to access information that they should not have access to. | ||||
| CVE-2018-17243 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | N/A |
| Global Search in Zoho ManageEngine OpManager before 12.3 123205 allows SQL Injection. | ||||
| CVE-2018-17240 | 1 Netwavepr | 4 Indoor Ip Camera, Indoor Ip Camera Firmware, Outdoor Ip Camera and 1 more | 2024-11-21 | 7.5 High |
| There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). | ||||
| CVE-2018-17237 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. | ||||
| CVE-2018-17236 | 1 Mp4v2 Project | 1 Mp4v2 | 2024-11-21 | N/A |
| The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on an invalid pointer, raising a SIGABRT signal. | ||||
| CVE-2018-17235 | 1 Mp4v2 Project | 1 Mp4v2 | 2024-11-21 | N/A |
| The function mp4v2::impl::MP4Track::FinishSdtp() in mp4track.cpp in libmp4v2 2.1.0 mishandles compatibleBrand while processing a crafted mp4 file, which leads to a heap-based buffer over-read, causing denial of service. | ||||
| CVE-2018-17234 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. | ||||
| CVE-2018-17233 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. | ||||
| CVE-2018-17232 | 1 Slack Archivebot Project | 1 Slack Archivebot | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in archivebot.py in docmarionum1 Slack ArchiveBot (aka slack-archive-bot) before 2018-09-19 allows remote attackers to execute arbitrary SQL commands via the text parameter to cursor.execute(). | ||||
| CVE-2018-17231 | 1 Telegram | 1 Telegram Desktop | 2024-11-21 | N/A |
| Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary. | ||||
| CVE-2018-17230 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| Exiv2::ul2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. | ||||
| CVE-2018-17229 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file. | ||||
| CVE-2018-17228 | 1 Nmap4j Project | 1 Nmap4j | 2024-11-21 | N/A |
| nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call. | ||||