Export limit exceeded: 347147 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347147 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-13287 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Incorrect default permissions vulnerability in synouser.conf in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to obtain sensitive information via the world readable configuration. | ||||
| CVE-2018-13285 | 1 Synology | 1 Router Manager | 2024-11-21 | N/A |
| Command injection vulnerability in ftpd in Synology Router Manager (SRM) before 1.1.7-6941-1 allows remote authenticated users to execute arbitrary OS commands via the (1) MKD or (2) RMD command. | ||||
| CVE-2018-13283 | 1 Synology | 1 Ssl Vpn Client | 2024-11-21 | N/A |
| Lack of administrator control over security vulnerability in client.cgi in Synology SSL VPN Client before 1.2.5-0226 allows remote attackers to conduct man-in-the-middle attacks via the (1) command, (2) hostname, or (3) port parameter. | ||||
| CVE-2018-13282 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Session fixation vulnerability in SYNO.PhotoStation.Auth in Synology Photo Station before 6.8.7-3481 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
| CVE-2018-13259 | 3 Canonical, Redhat, Zsh | 3 Ubuntu Linux, Enterprise Linux, Zsh | 2024-11-21 | N/A |
| An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. | ||||
| CVE-2018-13258 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A |
| Mediawiki 1.31 before 1.31.1 misses .htaccess files in the provided tarball used to protect some directories that shouldn't be web accessible. | ||||
| CVE-2018-13257 | 1 Blackboard | 1 Blackboard Learn | 2024-11-21 | 6.1 Medium |
| The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page. | ||||
| CVE-2018-13256 | 1 Chartered Accountant \ | 1 Auditor Website Project | 2024-11-21 | 6.1 Medium |
| PHP Scripts Mall Auditor Website 2.0.1 has XSS via the lastname or firstname parameter. | ||||
| CVE-2018-13252 | 1 Entrustdatacard | 1 Syntera Customization Suite | 2024-11-21 | N/A |
| Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | ||||
| CVE-2018-13251 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. | ||||
| CVE-2018-13250 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | ||||
| CVE-2018-13233 | 1 Gsi Project | 1 Gsi | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for GSI, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | ||||
| CVE-2018-13232 | 1 Entercoin Project | 1 Entercoin | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | ||||
| CVE-2018-13231 | 1 Entertoken Project | 1 Entertoken | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | ||||
| CVE-2018-13230 | 1 Destineed Project | 1 Destineed | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for DestiNeed (DSN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | ||||
| CVE-2018-13229 | 1 Riptidecoin Project | 1 Riptidecoin | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | ||||
| CVE-2018-13228 | 1 Crowdnext Project | 1 Crowdnext | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for Crowdnext (CNX), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | ||||
| CVE-2018-13227 | 1 Moneychainnet Project | 1 Moneychainnet | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for MoneyChainNet (MCN), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | ||||
| CVE-2018-13226 | 1 Ylctoken Project | 1 Ylctoken | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | ||||
| CVE-2018-13225 | 1 Myylc Project | 1 Myylc | 2024-11-21 | N/A |
| The sell function of a smart contract implementation for MyYLC, an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets. | ||||