Export limit exceeded: 358249 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 358249 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (358249 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-8837 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | N/A |
| Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. | ||||
| CVE-2018-8836 | 1 Wago | 16 750-829, 750-829 Firmware, 750-831 and 13 more | 2024-11-21 | N/A |
| Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communications with commission and service tools. Specially crafted packets may also be sent to Port 2455/TCP/IP, used in Codesys management software, which may result in a denial-of-service condition of communications with commissioning and service tools. | ||||
| CVE-2018-8835 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | N/A |
| Double free vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | ||||
| CVE-2018-8834 | 1 Omron | 7 Cx-flnet, Cx-one, Cx-programmer and 4 more | 2024-11-21 | 7.8 High |
| Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow. | ||||
| CVE-2018-8833 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | 7.8 High |
| Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution. | ||||
| CVE-2018-8832 | 1 Enhavo | 1 Enhavo | 2024-11-21 | N/A |
| enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page. | ||||
| CVE-2018-8831 | 1 Kodi | 1 Kodi | 2024-11-21 | N/A |
| A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist. | ||||
| CVE-2018-8828 | 2 Debian, Kamailio | 2 Debian Linux, Kamailio | 2024-11-21 | N/A |
| A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c. | ||||
| CVE-2018-8827 | 1 Technicolor | 2 Tg789vac, Tg789vac Firmware | 2024-11-21 | N/A |
| The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS. | ||||
| CVE-2018-8826 | 1 Asus | 26 Rt-ac1200, Rt-ac1200 Firmware, Rt-ac1750 and 23 more | 2024-11-21 | N/A |
| ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 routers with firmware before 3.0.0.4.380.8228; RT-AC52U B1, RT-AC1200 and RT-N600 routers with firmware before 3.0.0.4.380.10446; RT-AC55U and RT-AC55UHP routers with firmware before 3.0.0.4.382.50276; RT-AC86U and RT-AC2900 routers with firmware before 3.0.0.4.384.20648; and possibly other RT-series routers allow remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2018-8825 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A |
| Google TensorFlow 1.7 and below is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). | ||||
| CVE-2018-8824 | 2 Prestashop, Responsive Mega Menu Pro Project | 2 Prestashop, Responsive Mega Menu Pro | 2024-11-21 | N/A |
| modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute a SQL Injection through function calls in the code parameter. | ||||
| CVE-2018-8823 | 2 Prestashop, Responsive Mega Menu Pro Project | 2 Prestashop, Responsive Mega Menu Pro | 2024-11-21 | N/A |
| modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter. | ||||
| CVE-2018-8822 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code. | ||||
| CVE-2018-8821 | 1 Jungo | 1 Windriver | 2024-11-21 | N/A |
| windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file. | ||||
| CVE-2018-8820 | 1 Square-9 | 1 Globalforms | 2024-11-21 | N/A |
| An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials. | ||||
| CVE-2018-8819 | 1 Carrier | 1 Automatedlogic Webctrl | 2024-11-21 | N/A |
| An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header. | ||||
| CVE-2018-8817 | 1 Wampserver | 1 Wampserver | 2024-11-21 | N/A |
| Wampserver before 3.1.3 has CSRF in add_vhost.php. | ||||
| CVE-2018-8815 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. | ||||
| CVE-2018-8814 | 1 Wolfcms | 1 Wolf Cms | 2024-11-21 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/[pluginname]/settings by crafting a malicious request. | ||||