Export limit exceeded: 340792 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5695 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19966 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | N/A |
| An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595. | ||||
| CVE-2018-19950 | 1 Qnap | 2 Music Station, Qts | 2024-11-21 | 9.8 Critical |
| If exploited, this command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | ||||
| CVE-2018-19911 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | N/A |
| FreeSWITCH through 1.8.2, when mod_xml_rpc is enabled, allows remote attackers to execute arbitrary commands via the api/system or txtapi/system (or api/bg_system or txtapi/bg_system) query string on TCP port 8080, as demonstrated by an api/system?calc URI. This can also be exploited via CSRF. Alternatively, the default password of works for the freeswitch account can sometimes be used. | ||||
| CVE-2018-19760 | 1 Libconfuse Project | 1 Libconfuse | 2024-11-21 | N/A |
| cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak. | ||||
| CVE-2018-19451 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | N/A |
| A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution. | ||||
| CVE-2018-19450 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | N/A |
| A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution. | ||||
| CVE-2018-19445 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2024-11-21 | N/A |
| A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution. | ||||
| CVE-2018-19418 | 2 Foxitsoftware, Microsoft | 2 Pdf Activex, Windows | 2024-11-21 | 7.8 High |
| Foxit PDF ActiveX before 5.5.1 allows remote code execution via command injection because of the lack of a security permission control. | ||||
| CVE-2018-19213 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | N/A |
| Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c. | ||||
| CVE-2018-19139 | 3 Debian, Jasper Project, Redhat | 3 Debian Linux, Jasper, Fedora | 2024-11-21 | N/A |
| An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c. | ||||
| CVE-2018-19132 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2024-11-21 | N/A |
| Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet. | ||||
| CVE-2018-19031 | 1 360 | 10 Safe Router P0, Safe Router P0 Firmware, Safe Router P1 and 7 more | 2024-11-21 | 8.8 High |
| A command injection vulnerability exists when the authorized user passes crafted parameter to background process in the router. This affects 360 router series products (360 Safe Router P0,P1,P2,P3,P4), the affected version is V2.0.61.58897. | ||||
| CVE-2018-19015 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | 7.3 High |
| An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application. | ||||
| CVE-2018-19013 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file. | ||||
| CVE-2018-1999043 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | N/A |
| A denial of service vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in BasicAuthenticationFilter.java, BasicHeaderApiTokenAuthenticator.java that allows attackers to create ephemeral in-memory user records by attempting to log in using invalid credentials. | ||||
| CVE-2018-18897 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo. | ||||
| CVE-2018-18544 | 4 Graphicsmagick, Imagemagick, Opensuse and 1 more | 4 Graphicsmagick, Imagemagick, Leap and 1 more | 2024-11-21 | N/A |
| There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31. | ||||
| CVE-2018-18482 | 1 Libpg Query Project | 1 Libpg Query | 2024-11-21 | N/A |
| An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_query_parse.c, which might lead to a denial of service. | ||||
| CVE-2018-18443 | 1 Ilm | 1 Openexr | 2024-11-21 | N/A |
| OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview. | ||||
| CVE-2018-18226 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.6.0 to 2.6.3, the Steam IHS Discovery dissector could consume system memory. This was addressed in epan/dissectors/packet-steam-ihs-discovery.c by changing the memory-management approach. | ||||