Search Results (347380 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12519 | 1 Codenx | 1 Shopnx | 2024-11-21 | N/A |
| An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials. | ||||
| CVE-2018-12511 | 1 Substratum | 1 Substratum | 2024-11-21 | N/A |
| In the mintToken function of a smart contract implementation for Substratum (SUB), an Ethereum ERC20 token, the administrator can control mintedAmount, leverage an integer overflow, and modify a user account's balance arbitrarily. | ||||
| CVE-2018-12504 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | N/A |
| tinyexr 0.9.5 has an assertion failure in ComputeChannelLayout in tinyexr.h. | ||||
| CVE-2018-12503 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | N/A |
| tinyexr 0.9.5 has a heap-based buffer over-read in LoadEXRImageFromMemory in tinyexr.h. | ||||
| CVE-2018-12501 | 1 Nagios | 1 Fusion | 2024-11-21 | N/A |
| Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335. | ||||
| CVE-2018-12499 | 1 Motorola | 2 Mbp853, Mbp853 Firmware | 2024-11-21 | N/A |
| The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate. | ||||
| CVE-2018-12498 | 1 Icmsdev | 1 Icms | 2024-11-21 | N/A |
| spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. | ||||
| CVE-2018-12495 | 2 Debian, Discount Project | 2 Debian Linux, Discount | 2024-11-21 | N/A |
| The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file. | ||||
| CVE-2018-12494 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | ||||
| CVE-2018-12493 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | ||||
| CVE-2018-12492 | 1 Phpok | 1 Phpok | 2024-11-21 | N/A |
| PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php. | ||||
| CVE-2018-12491 | 1 Phpok | 1 Phpok | 2024-11-21 | N/A |
| PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944. | ||||
| CVE-2018-12483 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | N/A |
| OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability. | ||||
| CVE-2018-12482 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | N/A |
| OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. | ||||
| CVE-2018-12481 | 1 The Olive Tree Ftp Server Project | 1 The Olive Tree Ftp Server | 2024-11-21 | N/A |
| The Olive Tree Ftp Server application 1.32 for Android has a "Sensitive Data on the Clipboard" vulnerability, as demonstrated by reading the "User password" field with the Drozer post.capture.clipboard module. | ||||
| CVE-2018-12479 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| An Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df. | ||||
| CVE-2018-12478 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| An Improper Input Validation vulnerability in Open Build Service allows remote attackers to extract files from the system where the service runs. Affected releases are openSUSE Open Build Service: status of is unknown. | ||||
| CVE-2018-12477 | 1 Opensuse | 1 Leap | 2024-11-21 | N/A |
| An Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affected releases are openSUSE Open Build Service: versions prior to d6244245dda5367767efc989446fe4b5e4609cce. | ||||
| CVE-2018-12476 | 1 Suse | 3 Obs-service-tar Scm, Opensuse Factory, Suse Linux Enterprise Server | 2024-11-21 | 4.3 Medium |
| Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. | ||||
| CVE-2018-12475 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 6.5 Medium |
| An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP requests against internal networks and potentially download data that is exposed there. This issue affects: openSUSE Open Build Service . | ||||