Search Results (347158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12648 | 1 Exempi Project | 1 Exempi | 2024-11-21 | N/A |
| The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference. | ||||
| CVE-2018-12642 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A |
| Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not owned by the current user. | ||||
| CVE-2018-12641 | 2 Gnu, Redhat | 3 Binutils, Ansible Tower, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. | ||||
| CVE-2018-12640 | 1 Insteon | 2 2864-222, 2864-222 Firmware | 2024-11-21 | 9.8 Critical |
| The webService binary on Insteon HD IP Camera White 2864-222 devices has a Buffer Overflow via a crafted pid, pwd, or usr key in a GET request on port 34100. | ||||
| CVE-2018-12638 | 1 Bose | 1 Soundtouch | 2024-11-21 | N/A |
| An issue was discovered in the Bose Soundtouch app 18.1.4 for iOS. There is no frontend input validation of the device name. A malicious device name can execute JavaScript on the registered Bose User Account if a speaker has been connected to the app. | ||||
| CVE-2018-12636 | 1 Ithemes | 1 Security | 2024-11-21 | N/A |
| The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. | ||||
| CVE-2018-12635 | 1 Circontrol | 1 Scada | 2024-11-21 | N/A |
| CirCarLife Scada v4.2.4 allows unauthorized upgrades via requests to the html/upgrade.html and services/system/firmware.upgrade URIs. | ||||
| CVE-2018-12634 | 1 Circontrol | 1 Circarlife Scada | 2024-11-21 | 9.8 Critical |
| CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. | ||||
| CVE-2018-12633 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage. | ||||
| CVE-2018-12632 | 1 Redatam | 1 Redatam | 2024-11-21 | N/A |
| Redatam7 (formerly Redatam WebServer) allows remote attackers to discover the installation path via an invalid LFN parameter to the /redbin/rpwebutilities.exe/text URI. | ||||
| CVE-2018-12631 | 1 Redatam | 1 Redatam | 2024-11-21 | N/A |
| Redatam7 (formerly Redatam WebServer) allows remote attackers to read arbitrary files via /redbin/rpwebutilities.exe/text?LFN=../ directory traversal. | ||||
| CVE-2018-12630 | 1 Nmark | 1 Nmcms | 2024-11-21 | N/A |
| NEWMARK (aka New Mark) NMCMS 2.1 allows SQL Injection via the sect_id parameter to the /catalog URI. | ||||
| CVE-2018-12628 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges. | ||||
| CVE-2018-12627 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. | ||||
| CVE-2018-12626 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. | ||||
| CVE-2018-12625 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. | ||||
| CVE-2018-12624 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter. | ||||
| CVE-2018-12623 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. | ||||
| CVE-2018-12622 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter. | ||||
| CVE-2018-12621 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter. | ||||