Search Results (75387 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-2503 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.4 High |
| By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). | ||||
| CVE-2018-2492 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.1 High |
| SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. | ||||
| CVE-2018-2484 | 1 Sap | 4 Bank/cfm, Ea-finserv, S4core and 1 more | 2024-11-21 | 8.8 High |
| SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | ||||
| CVE-2018-2446 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 7.5 High |
| Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. | ||||
| CVE-2018-2024 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 8.1 High |
| IBM QRadar SIEM 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 155350. | ||||
| CVE-2018-25081 | 1 Bitwarden | 1 Bitwarden | 2024-11-21 | 7.5 High |
| Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default. | ||||
| CVE-2018-25033 | 2 Admesh Project, Debian | 2 Admesh, Debian Linux | 2024-11-21 | 8.1 High |
| ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. | ||||
| CVE-2018-25029 | 1 Silabs | 10 Zgm130s037hgn, Zgm130s037hgn Firmware, Zgm2305a27hgn and 7 more | 2024-11-21 | 8.1 High |
| The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. | ||||
| CVE-2018-25028 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2024-11-21 | 7.5 High |
| An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free. | ||||
| CVE-2018-25027 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2024-11-21 | 7.5 High |
| An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free. | ||||
| CVE-2018-25023 | 1 Servo | 1 Smallvec | 2024-11-21 | 7.5 High |
| An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type. | ||||
| CVE-2018-25021 | 1 Toktok | 1 Toxcore | 2024-11-21 | 7.5 High |
| The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS). | ||||
| CVE-2018-25020 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, H300e and 15 more | 2024-11-21 | 7.8 High |
| The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. | ||||
| CVE-2018-25019 | 1 Learndash | 1 Learndash | 2024-11-21 | 7.5 High |
| The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server. | ||||
| CVE-2018-25018 | 2 Linux, Rarlab | 2 Linux Kernel, Unrar | 2024-11-21 | 7.8 High |
| UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. | ||||
| CVE-2018-25015 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8. | ||||
| CVE-2018-25002 | 1 Sunhater | 1 Kcfinder | 2024-11-21 | 8.8 High |
| uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2018-21264 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 8.8 High |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. | ||||
| CVE-2018-21263 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 8.8 High |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. | ||||
| CVE-2018-21262 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | ||||