Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16396 | 4 Canonical, Debian, Redhat and 1 more | 9 Ubuntu Linux, Debian Linux, Enterprise Linux and 6 more | 2024-11-21 | N/A |
| An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. | ||||
| CVE-2018-16395 | 4 Canonical, Debian, Redhat and 1 more | 7 Ubuntu Linux, Debian Linux, Enterprise Linux and 4 more | 2024-11-21 | N/A |
| An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations. | ||||
| CVE-2018-16393 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | N/A |
| Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-16392 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | N/A |
| Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-16391 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | N/A |
| Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-16389 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. | ||||
| CVE-2018-16388 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type. | ||||
| CVE-2018-16387 | 1 Elefantcms | 1 Elefantcms | 2024-11-21 | N/A |
| An issue was discovered in Elefant CMS before 2.0.5. There is a CSRF vulnerability that can add an account via user/add. | ||||
| CVE-2018-16386 | 1 Swift | 1 Alliance Web Platform | 2024-11-21 | N/A |
| An issue was discovered in SWIFT Alliance Web Platform 7.1.23. A log injection (and an arbitrary log filename) can be achieved via the PATH_INFO to swp/login/EJBRemoteService/, related to com.swift.ejbgwt.j2ee.client.EjBlnvocationException error log information containing null@java:comp/env/ error messages. | ||||
| CVE-2018-16385 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | N/A |
| ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. | ||||
| CVE-2018-16384 | 1 Owasp | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 7.5 High |
| A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. | ||||
| CVE-2018-16382 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | N/A |
| Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. | ||||
| CVE-2018-16381 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.8 has XSS via the e107_admin/users.php?mode=main&action=list user_loginname parameter. | ||||
| CVE-2018-16380 | 1 Digimute | 1 Ogma Cms | 2024-11-21 | N/A |
| An issue was discovered in Ogma CMS 0.4 Beta. There is a CSRF vulnerability in users.php?action=createnew that can add an admin account. | ||||
| CVE-2018-16379 | 1 Digimute | 1 Ogma Cms | 2024-11-21 | N/A |
| Ogma CMS 0.4 Beta has XSS via the "Footer Text footer" field on the "Theme/Theme Options" screen. | ||||
| CVE-2018-16376 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | N/A |
| An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact. | ||||
| CVE-2018-16375 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | N/A |
| An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow. | ||||
| CVE-2018-16374 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has stored XSS via /admin/?/plugin/comment/settings. | ||||
| CVE-2018-16373 | 1 Frog Cms Project | 1 Frog Cms | 2024-11-21 | N/A |
| Frog CMS 0.9.5 has an Upload vulnerability that can create files via /admin/?/plugin/file_manager/save. | ||||
| CVE-2018-16372 | 1 Ideacms | 1 Ideacms | 2024-11-21 | N/A |
| The issue was discovered in IdeaCMS through 2016-04-30. There is reflected XSS via the index.php?c=content&a=search kw parameter. NOTE: this product is discontinued. | ||||