Export limit exceeded: 347328 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347328 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14495 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | N/A |
| Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance | ||||
| CVE-2018-14494 | 1 Vivotek | 2 Fd8136, Fd8136 Firmware | 2024-11-21 | N/A |
| Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware | ||||
| CVE-2018-14493 | 1 Opmantek | 1 Open-audit | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name. | ||||
| CVE-2018-14492 | 1 Tendacn | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | N/A |
| Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. | ||||
| CVE-2018-14486 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | N/A |
| DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. | ||||
| CVE-2018-14485 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | N/A |
| BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. | ||||
| CVE-2018-14481 | 1 Osclass | 1 Osclass | 2024-11-21 | N/A |
| Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. | ||||
| CVE-2018-14478 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2024-11-21 | N/A |
| ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. | ||||
| CVE-2018-14476 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 6.1 Medium |
| GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation. | ||||
| CVE-2018-14474 | 1 Goodoldweb | 1 Orange Forum | 2024-11-21 | N/A |
| views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup. | ||||
| CVE-2018-14473 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | N/A |
| OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service. | ||||
| CVE-2018-14472 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection. | ||||
| CVE-2018-14471 | 1 Gnu | 1 Libredwg | 2024-11-21 | N/A |
| dwg_obj_block_control_get_block_headers in dwg_api.c in GNU LibreDWG 0.5.1048 allows remote attackers to cause a denial of service (NULL pointer dereference and SEGV) via a crafted dwg file. | ||||
| CVE-2018-14469 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-11-21 | 7.5 High |
| The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print(). | ||||
| CVE-2018-14466 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert(). | ||||
| CVE-2018-14464 | 6 Apple, Debian, Fedoraproject and 3 more | 6 Mac Os X, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs(). | ||||
| CVE-2018-14463 | 7 Apple, Debian, F5 and 4 more | 7 Mac Os X, Debian Linux, Traffix Signaling Delivery Controller and 4 more | 2024-11-21 | 7.5 High |
| The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167. | ||||
| CVE-2018-14460 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c. | ||||
| CVE-2018-14459 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | N/A |
| An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h. | ||||
| CVE-2018-14458 | 1 Linuxsampler | 1 Libgig | 2024-11-21 | N/A |
| An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h. | ||||