Search Results (357872 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7206 | 1 Jupyter | 1 Oauthenticator | 2024-11-21 | 8.8 High |
| An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.) | ||||
| CVE-2018-7204 | 1 Giribaz | 1 File Manager | 2024-11-21 | N/A |
| inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and contains database credentials, salts, etc. These files have been indexed by Google and a simple dork will find affected sites. | ||||
| CVE-2018-7203 | 1 Lynxtechnology | 1 Twonky Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. | ||||
| CVE-2018-7202 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
| An issue was discovered in ProjectSend before r1053. XSS exists in the "Name" field on the My Account page. | ||||
| CVE-2018-7201 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
| CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel. | ||||
| CVE-2018-7198 | 1 Octobercms | 1 October | 2024-11-21 | N/A |
| October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page. | ||||
| CVE-2018-7197 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | N/A |
| An issue was discovered in Pluck through 4.7.4. A stored cross-site scripting (XSS) vulnerability allows remote unauthenticated users to inject arbitrary web script or HTML into admin/blog Reaction Comments via a crafted URL. | ||||
| CVE-2018-7196 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter. | ||||
| CVE-2018-7195 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. | ||||
| CVE-2018-7194 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Integer format vulnerability in the ticket number generator in Enhancesoft osTicket before 1.10.2 allows remote attackers to cause a denial-of-service (preventing the creation of new tickets) via a large number of digits in the ticket number format setting. | ||||
| CVE-2018-7193 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "order" parameter. | ||||
| CVE-2018-7192 | 1 Osticket | 1 Osticket | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. | ||||
| CVE-2018-7191 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | N/A |
| In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. | ||||
| CVE-2018-7188 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | N/A |
| An XSS vulnerability (via an SVG image) in Tiki before 18 allows an authenticated user to gain administrator privileges if an administrator opens a wiki page with a malicious SVG image, related to lib/filegals/filegallib.php. | ||||
| CVE-2018-7187 | 2 Debian, Golang | 2 Debian Linux, Go | 2024-11-21 | 8.8 High |
| The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site. | ||||
| CVE-2018-7186 | 2 Debian, Leptonica | 2 Debian Linux, Leptonica | 2024-11-21 | N/A |
| Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. | ||||
| CVE-2018-7183 | 4 Canonical, Freebsd, Netapp and 1 more | 4 Ubuntu Linux, Freebsd, Element Software and 1 more | 2024-11-21 | N/A |
| Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array. | ||||
| CVE-2018-7182 | 3 Canonical, Netapp, Ntp | 3 Ubuntu Linux, Element Software, Ntp | 2024-11-21 | N/A |
| The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10. | ||||
| CVE-2018-7180 | 1 Saxum2003 | 1 Astro | 2024-11-21 | N/A |
| SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter. | ||||
| CVE-2018-7179 | 1 Squadmanagement Project | 1 Squadmanagement | 2024-11-21 | N/A |
| SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter. | ||||