Export limit exceeded: 359603 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359603 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-9257 | 1 Wireshark | 1 Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns. | ||||
| CVE-2018-9256 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector could crash. This was addressed in epan/dissectors/packet-lwapp.c by limiting the encapsulation levels to restrict the recursion depth. | ||||
| CVE-2018-9252 | 1 Jasper Project | 1 Jasper | 2024-11-21 | N/A |
| JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c. | ||||
| CVE-2018-9251 | 3 Debian, Redhat, Xmlsoft | 3 Debian Linux, Enterprise Linux, Libxml2 | 2024-11-21 | N/A |
| The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. | ||||
| CVE-2018-9250 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote authenticated users to execute arbitrary SQL commands via the newlistname parameter. | ||||
| CVE-2018-9249 | 1 Fiberhome | 2 Vdsl2 Modem Hg 150-ub, Vdsl2 Modem Hg 150-ub Firmware | 2024-11-21 | N/A |
| FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ignoring the parent.location='login.html' JavaScript code in the response to an unauthenticated request. | ||||
| CVE-2018-9248 | 1 Fiberhome | 2 Vdsl2 Modem Hg 150-ub, Vdsl2 Modem Hg 150-ub Firmware | 2024-11-21 | N/A |
| FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header. | ||||
| CVE-2018-9247 | 1 Gxlcms | 1 Gxlcms Qy | 2024-11-21 | N/A |
| The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE with a .php filename. | ||||
| CVE-2018-9246 | 2 Ledgersmb, Pgobject-util-dbadmin Project | 2 Ledgersmb, Pgobject-util-dbadmin | 2024-11-21 | N/A |
| The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application. | ||||
| CVE-2018-9245 | 1 Ericssonlg | 1 Ipecs Nms | 2024-11-21 | N/A |
| The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. | ||||
| CVE-2018-9244 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | ||||
| CVE-2018-9243 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7. | ||||
| CVE-2018-9242 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | N/A |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | ||||
| CVE-2018-9240 | 3 Canonical, Debian, Ncmpc Project | 3 Ubuntu Linux, Debian Linux, Ncmpc | 2024-11-21 | 7.5 High |
| ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a user uses the chat screen and another client sends a long chat message, a crash and denial of service could occur. | ||||
| CVE-2018-9238 | 1 Yahei | 1 Yahei Php Prober | 2024-11-21 | N/A |
| proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName parameter. | ||||
| CVE-2018-9237 | 1 Iscripts | 1 Easycreate | 2024-11-21 | N/A |
| iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" field. | ||||
| CVE-2018-9236 | 1 Iscripts | 1 Easycreate | 2024-11-21 | N/A |
| iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site title" field. | ||||
| CVE-2018-9235 | 1 Iscripts | 1 Sonicbb | 2024-11-21 | N/A |
| iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query parameter to search.php. | ||||
| CVE-2018-9234 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2024-11-21 | N/A |
| GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. | ||||
| CVE-2018-9233 | 1 Sophos | 1 Endpoint Protection | 2024-11-21 | N/A |
| Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches. | ||||