Export limit exceeded: 336594 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 75218 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75218 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20311 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 8.1 High |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | ||||
| CVE-2018-20310 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 8.1 High |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | ||||
| CVE-2018-20309 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 8.1 High |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyGetAppEdition race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | ||||
| CVE-2018-20247 | 1 Foxitsoftware | 1 Quick Pdf Library | 2024-11-21 | 7.8 High |
| In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow. | ||||
| CVE-2018-20243 | 1 Apache | 1 Fineract | 2024-11-21 | 7.5 High |
| The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629. | ||||
| CVE-2018-20227 | 1 Eclipse | 1 Rdf4j | 2024-11-21 | 7.5 High |
| RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive. | ||||
| CVE-2018-20225 | 1 Pypa | 1 Pip | 2024-11-21 | 7.8 High |
| An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely | ||||
| CVE-2018-20216 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2024-11-21 | 7.5 High |
| QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). | ||||
| CVE-2018-20196 | 2 Audiocoding, Debian | 2 Freeware Advanced Audio Decoder 2, Debian Linux | 2024-11-21 | 7.8 High |
| There is a stack-based buffer overflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because the S_M array is mishandled. | ||||
| CVE-2018-20191 | 3 Canonical, Fedoraproject, Qemu | 3 Ubuntu Linux, Fedora, Qemu | 2024-11-21 | 7.5 High |
| hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). | ||||
| CVE-2018-20127 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 7.5 High |
| An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds. | ||||
| CVE-2018-20125 | 2 Canonical, Qemu | 2 Ubuntu Linux, Qemu | 2024-11-21 | 7.5 High |
| hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service (NULL pointer dereference or excessive memory allocation) in create_cq_ring or create_qp_rings. | ||||
| CVE-2018-20090 | 1 Cloudera | 1 Data Science Workbench | 2024-11-21 | 8.3 High |
| An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.4.0 through 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder. | ||||
| CVE-2018-20034 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability related to adding an item to a list in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | ||||
| CVE-2018-20032 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability related to message decoding in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | ||||
| CVE-2018-20031 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | ||||
| CVE-2018-20026 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 15 more | 2024-11-21 | 7.5 High |
| Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0. | ||||
| CVE-2018-20004 | 3 Debian, Fedoraproject, Mini-xml Project | 3 Debian Linux, Fedora, Mini-xml | 2024-11-21 | 8.8 High |
| An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml. | ||||
| CVE-2018-1987 | 1 Ibm | 1 Data Protection | 2024-11-21 | 7.8 High |
| IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280. | ||||
| CVE-2018-1934 | 1 Ibm | 1 Cognos Business Intelligence | 2024-11-21 | 8.8 High |
| IBM Cognos Business Intelligence 10.2.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153179. | ||||