Export limit exceeded: 346748 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346748 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346748 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11041 | 1 Pivotal Software | 2 Cloud Foundry Uaa, Cloud Foundry Uaa-release | 2024-11-21 | N/A |
| Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt. | ||||
| CVE-2018-11040 | 3 Debian, Oracle, Vmware | 28 Debian Linux, Agile Product Lifecycle Management, Application Testing Suite and 25 more | 2024-11-21 | 7.5 High |
| Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. | ||||
| CVE-2018-11039 | 3 Debian, Oracle, Vmware | 33 Debian Linux, Agile Plm, Application Testing Suite and 30 more | 2024-11-21 | 5.9 Medium |
| Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. | ||||
| CVE-2018-11037 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| In Exiv2 0.26, the Exiv2::PngImage::printStructure function in pngimage.cpp allows remote attackers to cause an information leak via a crafted file. | ||||
| CVE-2018-11036 | 1 Ruckuswireless | 8 Scg-200, Scg-200 Firmware, Sz-100 and 5 more | 2024-11-21 | N/A |
| Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data. | ||||
| CVE-2018-11035 | 1 2345.cc | 1 Security Guard | 2024-11-21 | N/A |
| In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x80002019. | ||||
| CVE-2018-11034 | 1 2345.cc | 1 Security Guard | 2024-11-21 | N/A |
| In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D. | ||||
| CVE-2018-11033 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data. | ||||
| CVE-2018-11032 | 1 Gouguoyin | 1 Phprap | 2024-11-21 | N/A |
| PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function. | ||||
| CVE-2018-11031 | 1 Gouguoyin | 1 Phprap | 2024-11-21 | N/A |
| application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request. | ||||
| CVE-2018-11027 | 1 Ruckussecurity | 2 Icx7450-48, Icx7450-48 Firmware | 2024-11-21 | N/A |
| A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2018-11025 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | N/A |
| kernel/omap/drivers/mfd/twl6030-gpadc.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/twl6030-gpadc with the command 24832 and cause a kernel crash. | ||||
| CVE-2018-11024 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | N/A |
| kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 1077435789 and cause a kernel crash. | ||||
| CVE-2018-11023 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | N/A |
| kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD (3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3222560159 and cause a kernel crash. | ||||
| CVE-2018-11022 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | N/A |
| kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3224132973 and cause a kernel crash. | ||||
| CVE-2018-11021 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | N/A |
| kernel/omap/drivers/video/omap2/dsscomp/device.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/dsscomp with the command 1118064517 and cause a kernel crash. | ||||
| CVE-2018-11020 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | N/A |
| kernel/omap/drivers/rpmsg/rpmsg_omx.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device file /dev/rpmsg-omx1 with the command 3221772291, and cause a kernel crash. | ||||
| CVE-2018-11019 | 1 Amazon | 2 Fire Os, Kindle Fire Hd | 2024-11-21 | N/A |
| kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash. | ||||
| CVE-2018-11018 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | N/A |
| An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery (CSRF) vulnerability in apps/admin/controller/system/RoleController.php allows remote attackers to add administrator accounts via admin.php/role/add.html. | ||||
| CVE-2018-11017 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | ||||