Export limit exceeded: 357921 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357921 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357921 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7453 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. | ||||
| CVE-2018-7452 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A |
| A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. | ||||
| CVE-2018-7449 | 2 Microsoft, Segger | 2 Windows, Embos\/ip Ftp Server | 2024-11-21 | N/A |
| SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. | ||||
| CVE-2018-7448 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| Remote code execution vulnerability in /cmsms-2.1.6-install.php/index.php in CMS Made Simple version 2.1.6 allows remote attackers to inject arbitrary PHP code via the "timezone" parameter in step 4 of a fresh installation procedure. | ||||
| CVE-2018-7447 | 1 Mojoportal | 1 Mojoportal | 2024-11-21 | N/A |
| mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts | ||||
| CVE-2018-7443 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | N/A |
| The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 does not properly validate the amount of image data in a file, which allows remote attackers to cause a denial of service (memory allocation failure in the AcquireMagickMemory function in MagickCore/memory.c). | ||||
| CVE-2018-7442 | 1 Leptonica | 1 Leptonica | 2024-11-21 | N/A |
| An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. | ||||
| CVE-2018-7441 | 1 Leptonica | 1 Leptonica | 2024-11-21 | N/A |
| Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. | ||||
| CVE-2018-7440 | 2 Debian, Leptonica | 2 Debian Linux, Leptonica | 2024-11-21 | N/A |
| An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. | ||||
| CVE-2018-7439 | 2 Debian, Freexl Project | 2 Debian Linux, Freexl | 2024-11-21 | N/A |
| An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the function read_mini_biff_next_record. | ||||
| CVE-2018-7438 | 2 Debian, Freexl Project | 2 Debian Linux, Freexl | 2024-11-21 | N/A |
| An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the parse_unicode_string function. | ||||
| CVE-2018-7437 | 2 Debian, Freexl Project | 2 Debian Linux, Freexl | 2024-11-21 | N/A |
| An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a memcpy call of the parse_SST function. | ||||
| CVE-2018-7436 | 2 Debian, Freexl Project | 2 Debian Linux, Freexl | 2024-11-21 | N/A |
| An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in a pointer dereference of the parse_SST function. | ||||
| CVE-2018-7435 | 2 Debian, Freexl Project | 2 Debian Linux, Freexl | 2024-11-21 | N/A |
| An issue was discovered in FreeXL before 1.0.5. There is a heap-based buffer over-read in the freexl::destroy_cell function. | ||||
| CVE-2018-7434 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.3 Medium |
| zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php. | ||||
| CVE-2018-7433 | 1 Ithemes | 1 Security | 2024-11-21 | N/A |
| The iThemes Security plugin before 6.9.1 for WordPress does not properly perform data escaping for the logs page. | ||||
| CVE-2018-7432 | 1 Splunk | 1 Splunk | 2024-11-21 | N/A |
| Splunk Enterprise 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allow remote attackers to cause a denial of service via a crafted HTTP request. | ||||
| CVE-2018-7431 | 1 Splunk | 1 Splunk | 2024-11-21 | N/A |
| Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2018-7429 | 1 Splunk | 1 Splunk | 2024-11-21 | N/A |
| Splunkd in Splunk Enterprise 6.2.x before 6.2.14 6.3.x before 6.3.11, and 6.4.x before 6.4.8; and Splunk Light before 6.5.0 allow remote attackers to cause a denial of service via a malformed HTTP request. | ||||
| CVE-2018-7427 | 1 Splunk | 1 Splunk | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||