Export limit exceeded: 347095 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347095 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13297 | 1 Synology | 1 Drive Server | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.SynologyDrive.Files in Synology Drive before 1.1.2-10562 allows remote attackers to obtain sensitive system information via the dsm_path parameter. | ||||
| CVE-2018-13296 | 1 Synology | 1 Mailplus Server | 2024-11-21 | N/A |
| Uncontrolled resource consumption vulnerability in TLS configuration in Synology MailPlus Server before 2.0.5-0606 allows remote attackers to conduct denial-of-service attacks via client-initiated renegotiation. | ||||
| CVE-2018-13295 | 1 Synology | 1 Application Service | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.Personal.Application.Info in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the version parameter. | ||||
| CVE-2018-13294 | 1 Synology | 1 Application Service | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.Personal.Profile in Synology Application Service before 1.5.4-0320 allows remote authenticated users to obtain sensitive system information via the uid parameter. | ||||
| CVE-2018-13292 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Information exposure vulnerability in /usr/syno/etc/mount.conf in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
| CVE-2018-13290 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.Core.ACL in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote authenticated users to determine the existence of files or obtain sensitive information of files via the file_path parameter. | ||||
| CVE-2018-13289 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.FolderSharing.List in Synology Router Manager (SRM) before 1.1.7-6941-2 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | ||||
| CVE-2018-13288 | 1 Synology | 1 File Station | 2024-11-21 | N/A |
| Information exposure vulnerability in SYNO.FolderSharing.List in Synology File Station before 1.2.3-0252 and before 1.1.5-0125 allows remote attackers to obtain sensitive information via the (1) folder_path or (2) real_path parameter. | ||||
| CVE-2018-13287 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
| CVE-2018-13285 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | ||||
| CVE-2018-13283 | 1 Synology | 1 Ssl Vpn Client | 2024-11-21 | N/A |
| Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. | ||||
| CVE-2018-13282 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
| CVE-2018-13259 | 3 Canonical, Redhat, Zsh | 3 Ubuntu Linux, Enterprise Linux, Zsh | 2024-11-21 | N/A |
| An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. | ||||
| CVE-2018-13258 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
| Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. | ||||
| CVE-2018-13257 | 1 Blackboard | 1 Blackboard Learn | 2024-11-21 | 6.1 Medium |
| The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page. | ||||
| CVE-2018-13256 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 6.1 Medium |
| PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter. | ||||
| CVE-2018-13252 | 1 Entrustdatacard | 1 Syntera Customization Suite | 2024-11-21 | N/A |
| Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | ||||
| CVE-2018-13251 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. | ||||
| CVE-2018-13250 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | ||||
| CVE-2018-13233 | 1 Gsi Project | 1 Gsi | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | ||||