Export limit exceeded: 42639 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (42639 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15474 | 1 Dokuwiki | 1 Dokuwiki | 2024-11-21 | N/A |
| CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki. | ||||
| CVE-2018-15471 | 3 Canonical, Linux, Xen | 3 Ubuntu Linux, Linux Kernel, Xen | 2024-11-21 | 7.8 High |
| An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks. | ||||
| CVE-2018-15363 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus \+ Security, Internet Security and 2 more | 2024-11-21 | N/A |
| An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability. | ||||
| CVE-2018-15361 | 1 Uvnc | 1 Ultravnc | 2024-11-21 | N/A |
| UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. | ||||
| CVE-2018-15354 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | N/A |
| A Buffer Overflow exploited through web interface by remote attacker can cause denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. | ||||
| CVE-2018-15353 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | N/A |
| A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. | ||||
| CVE-2018-15350 | 1 Kraftway | 2 24f2xg Router, 24f2xg Router Firmware | 2024-11-21 | N/A |
| Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. | ||||
| CVE-2018-15209 | 3 Debian, Libtiff, Redhat | 3 Debian Linux, Libtiff, Enterprise Linux | 2024-11-21 | N/A |
| ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. | ||||
| CVE-2018-15191 | 1 Hotel Booking Script Project | 1 Hotel Booking Script | 2024-11-21 | N/A |
| PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field. | ||||
| CVE-2018-15188 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. | ||||
| CVE-2018-15176 | 1 Xnview | 1 Xnview | 2024-11-21 | N/A |
| XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file. | ||||
| CVE-2018-15175 | 1 Xnview | 1 Xnview | 2024-11-21 | N/A |
| XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file. | ||||
| CVE-2018-15174 | 1 Xnview | 1 Xnview | 2024-11-21 | N/A |
| XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file. | ||||
| CVE-2018-15172 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | N/A |
| TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | ||||
| CVE-2018-15161 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15160 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15159 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15158 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15157 | 1 Libfsclfs Project | 1 Libfsclfs | 2024-11-21 | N/A |
| The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15128 | 1 Polycom | 3 Group Series, Hdx, Pano | 2024-11-21 | N/A |
| An issue was discovered in Polycom Group Series 6.1.6.1 and earlier, HDX 3.1.12 and earlier, and Pano 1.1.1 and earlier. A remote code execution vulnerability exists in the content sharing functionality because of a Buffer Overflow via crafted packets. | ||||