Search Results (348775 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-16336 | 3 Canonical, Debian, Exiv2 | 3 Ubuntu Linux, Debian Linux, Exiv2 | 2024-11-21 | N/A |
| Exiv2::Internal::PngChunk::parseTXTChunk in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image file, a different vulnerability than CVE-2018-10999. | ||||
| CVE-2018-16335 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-11-21 | N/A |
| newoffsets handling in ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. This is a different vulnerability than CVE-2018-15209. | ||||
| CVE-2018-16334 | 1 Tendacn | 4 Ac10, Ac10 Firmware, Ac9 and 1 more | 2024-11-21 | N/A |
| An issue was discovered on Tenda AC9 V15.03.05.19(6318)_CN and AC10 V15.03.06.23_CN devices. The mac parameter in a POST request is used directly in a doSystemCmd call, causing OS command injection. | ||||
| CVE-2018-16333 | 1 Tendacn | 10 Ac10, Ac10 Firmware, Ac15 and 7 more | 2024-11-21 | N/A |
| An issue was discovered on Tenda AC7 V15.03.06.44_CN, AC9 V15.03.05.19(6318)_CN, AC10 V15.03.06.23_CN, AC15 V15.03.05.19_CN, and AC18 V15.03.05.19(6318)_CN devices. There is a buffer overflow vulnerability in the router's web server. While processing the ssid parameter for a POST request, the value is directly used in a sprintf call to a local variable placed on the stack, which overrides the return address of the function, causing a buffer overflow. | ||||
| CVE-2018-16332 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. | ||||
| CVE-2018-16331 | 1 Damicms | 1 Damicms | 2024-11-21 | N/A |
| admin.php?s=/Admin/doedit in DamiCMS v6.0.0 allows CSRF to change the administrator account's password. | ||||
| CVE-2018-16330 | 1 Ipandao | 1 Editor.md | 2024-11-21 | N/A |
| Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element. | ||||
| CVE-2018-16329 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | N/A |
| In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the GetMagickProperty function in MagickCore/property.c. | ||||
| CVE-2018-16328 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-11-21 | N/A |
| In ImageMagick before 7.0.8-8, a NULL pointer dereference exists in the CheckEventLogging function in MagickCore/log.c. | ||||
| CVE-2018-16327 | 1 Intelliants | 1 Subrion | 2024-11-21 | N/A |
| There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration. | ||||
| CVE-2018-16326 | 1 Phpscriptsmall | 1 Olx Clone | 2024-11-21 | N/A |
| PHP Scripts Mall Olx Clone 3.4.2 has XSS. | ||||
| CVE-2018-16325 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field. | ||||
| CVE-2018-16324 | 1 Icewarp | 1 Mail Server | 2024-11-21 | N/A |
| In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field. | ||||
| CVE-2018-16323 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 6.5 Medium |
| ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. | ||||
| CVE-2018-16320 | 1 Idreamsoft | 1 Icms | 2024-11-21 | N/A |
| idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. | ||||
| CVE-2018-16316 | 1 Portainer | 1 Portainer | 2024-11-21 | N/A |
| A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field. | ||||
| CVE-2018-16315 | 1 Bijiadao | 1 Waimai Super Cms | 2024-11-21 | N/A |
| In waimai Super Cms 20150505, there is a CSRF vulnerability that can change the configuration via admin.php?m=Config&a=add. | ||||
| CVE-2018-16314 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A |
| An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. | ||||
| CVE-2018-16313 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A |
| Bludit 2.3.4 allows XSS via a user name. | ||||
| CVE-2018-16310 | 1 Technicolor | 2 Tg588v, Tg588v Firmware | 2024-11-21 | N/A |
| Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions | ||||