Export limit exceeded: 359582 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359582 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359582 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5342 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: network services (Desktop Central and PostgreSQL) running with a superuser account. | ||||
| CVE-2018-5341 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. | ||||
| CVE-2018-5340 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: database access using a superuser account (specifically, an account with permission to write to the filesystem via SQL queries). | ||||
| CVE-2018-5339 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: insufficient enforcement of database query type restrictions. | ||||
| CVE-2018-5338 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: missing authentication/authorization for a database query mechanism. | ||||
| CVE-2018-5337 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: directory traversal in the SCRIPT_NAME field when modifying existing scripts. | ||||
| CVE-2018-5336 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. | ||||
| CVE-2018-5335 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. | ||||
| CVE-2018-5334 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. | ||||
| CVE-2018-5333 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | N/A |
| In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. | ||||
| CVE-2018-5332 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). | ||||
| CVE-2018-5331 | 1 Discuz | 1 Discuzx | 2024-11-21 | N/A |
| Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | ||||
| CVE-2018-5330 | 1 Zyxel | 2 P-660hw V3, P-660hw V3 Firmware | 2024-11-21 | N/A |
| ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. | ||||
| CVE-2018-5329 | 1 Beims | 1 Contractorweb.net | 2024-11-21 | N/A |
| ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) on /CWEBNET/* authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. | ||||
| CVE-2018-5328 | 1 Beims | 1 Contractorweb.net | 2024-11-21 | N/A |
| ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details. | ||||
| CVE-2018-5327 | 2 Cmcm, Google | 2 Armorfly Browser \& Downloader, Android | 2024-11-21 | N/A |
| Cheetah Mobile Armorfly Browser & Downloader 1.1.05.0010, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | ||||
| CVE-2018-5326 | 2 Cmcm, Google | 2 Cm Browser, Android | 2024-11-21 | N/A |
| Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass. | ||||
| CVE-2018-5319 | 1 Ravpower | 1 Filehub Firmware | 2024-11-21 | N/A |
| RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. | ||||
| CVE-2018-5316 | 1 Patsatech | 1 Sagepay Server Gateway For Woocommerce | 2024-11-21 | N/A |
| The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. | ||||
| CVE-2018-5315 | 1 Wp Events Calendar Project | 1 Wp Events Calendar | 2024-11-21 | N/A |
| The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter to event.php. | ||||