Export limit exceeded: 349377 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349377 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18091 | 1 Intel | 1 Graphics Driver | 2024-11-21 | N/A |
| Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an unprivileged user to potentially enable a denial of service via local access. | ||||
| CVE-2018-18090 | 1 Intel | 1 Graphics Driver | 2024-11-21 | N/A |
| Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2018-18089 | 1 Intel | 1 Graphics Driver | 2024-11-21 | N/A |
| Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2018-18088 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | N/A |
| OpenJPEG 2.3.0 has a NULL pointer dereference for "red" in the imagetopnm function of jp2/convert.c | ||||
| CVE-2018-18087 | 1 Bixie | 1 Portfolio | 2024-11-21 | N/A |
| The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor. The vulnerability is triggered by visiting /portfolio/${project_title}. | ||||
| CVE-2018-18086 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users. | ||||
| CVE-2018-18084 | 1 Comsenz | 1 Duomicms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in DuomiCMS 3.0. SQL injection exists in the ajax.php file, as demonstrated by the uid parameter. | ||||
| CVE-2018-18083 | 1 Comsenz | 1 Duomicms | 2024-11-21 | N/A |
| An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing. | ||||
| CVE-2018-18082 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | N/A |
| XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI. | ||||
| CVE-2018-18075 | 1 Wikidforum Project | 1 Wikidforum | 2024-11-21 | N/A |
| WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. | ||||
| CVE-2018-18074 | 4 Canonical, Opensuse, Python and 1 more | 8 Ubuntu Linux, Leap, Requests and 5 more | 2024-11-21 | 7.5 High |
| The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network. | ||||
| CVE-2018-18073 | 4 Artifex, Canonical, Debian and 1 more | 10 Ghostscript, Ubuntu Linux, Debian Linux and 7 more | 2024-11-21 | 6.3 Medium |
| Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object. | ||||
| CVE-2018-18071 | 1 Mercedes-benz | 1 Mercedes Me | 2024-11-21 | N/A |
| An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel. | ||||
| CVE-2018-18070 | 1 Mercedes-benz | 2 C-class, Comand | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route, which will cause a boot loop. (Under certain circumstances, it is possible to quickly overwrite the malicious route to regain the stability of the system.) | ||||
| CVE-2018-18069 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A |
| process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. | ||||
| CVE-2018-18068 | 1 Raspberrypi | 2 Raspberry Pi 3 Model B\+, Raspberry Pi 3 Model B\+ Firmware | 2024-11-21 | N/A |
| The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 (the highest privilege level in ARMv8) memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug target processor B running in any privilege level, the debugging feature allows A to halt B and promote B to any privilege level. As a debug host, A has full control of B even if B owns a higher privilege level than A. Accordingly, A can read/write any EL3 memory/register via B. Also, with this memory access, A can execute arbitrary code in EL3. | ||||
| CVE-2018-18065 | 5 Canonical, Debian, Net-snmp and 2 more | 10 Ubuntu Linux, Debian Linux, Net-snmp and 7 more | 2024-11-21 | N/A |
| _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | ||||
| CVE-2018-18064 | 1 Cairographics | 1 Cairo | 2024-11-21 | 6.5 Medium |
| cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). | ||||
| CVE-2018-18062 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | N/A |
| An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-18061 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | N/A |
| An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files. | ||||