Export limit exceeded: 346758 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346758 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11747 | 1 Puppet | 1 Discovery | 2024-11-21 | N/A |
| Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress. | ||||
| CVE-2018-11746 | 1 Puppet | 1 Discovery | 2024-11-21 | N/A |
| In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery. | ||||
| CVE-2018-11744 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | N/A |
| Cloudera Manager through 5.15 has Incorrect Access Control. | ||||
| CVE-2018-11743 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2024-11-21 | 9.8 Critical |
| The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-11742 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-11-21 | 9.8 Critical |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Cleartext Password Storage in the Web UI. | ||||
| CVE-2018-11741 | 1 Nec | 2 Univerge Sv9100 Webpro, Univerge Sv9100 Webpro Firmware | 2024-11-21 | 9.8 Critical |
| NEC Univerge Sv9100 WebPro 6.00.00 devices have Predictable Session IDs that result in Account Information Disclosure via Home.htm?sessionId=#####&GOTO(8) URIs. | ||||
| CVE-2018-11740 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. | ||||
| CVE-2018-11739 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. | ||||
| CVE-2018-11738 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack. | ||||
| CVE-2018-11737 | 1 Sleuthkit | 1 The Sleuth Kit | 2024-11-21 | N/A |
| An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service. | ||||
| CVE-2018-11736 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file. | ||||
| CVE-2018-11735 | 1 Ximdex | 1 Ximdex | 2024-11-21 | N/A |
| index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. | ||||
| CVE-2018-11734 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| In e107 v2.1.7, output without filtering results in XSS. | ||||
| CVE-2018-11731 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | N/A |
| The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11730 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | N/A |
| The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11729 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | N/A |
| The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11728 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 5.5 Medium |
| The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11727 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-11-21 | 5.5 Medium |
| The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | ||||
| CVE-2018-11726 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | N/A |
| The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. | ||||
| CVE-2018-11725 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | N/A |
| The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. | ||||