Export limit exceeded: 359583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-8945 | 2 Gnu, Redhat | 5 Binutils, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | N/A |
| The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section. | ||||
| CVE-2018-8944 | 1 Phpok | 1 Phpok | 2024-11-21 | N/A |
| PHPOK 4.8.338 has an arbitrary file upload vulnerability. | ||||
| CVE-2018-8943 | 1 Phpshe | 1 Phpshe | 2024-11-21 | N/A |
| There is a SQL injection in the PHPSHE 1.6 userbank parameter. | ||||
| CVE-2018-8942 | 1 Xiuno Bbs Project | 1 Xiuno Bbs | 2024-11-21 | N/A |
| Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. | ||||
| CVE-2018-8941 | 2 D-link, Dlink | 2 Dsl-3782 Firmware, Dsl-3782 | 2024-11-21 | N/A |
| Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi. | ||||
| CVE-2018-8940 | 1 Enghouse | 1 Contact Center\ | 2024-11-21 | N/A |
| ClientServiceConfigController.cs in Enghouse Cloud Contact Center Platform 7.2.5 has functionality for loading external XML files and parsing them, allowing an attacker to upload a malicious XML file and reference it in the URL of the application, forcing the application to load and parse the malicious XML file, aka an XXE issue. | ||||
| CVE-2018-8939 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | N/A |
| An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can submit specially crafted requests via the NmAPI executable to (1) gain unauthorized access to the WhatsUp Gold system, (2) obtain information about the WhatsUp Gold system, or (3) execute remote commands. | ||||
| CVE-2018-8938 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | N/A |
| A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server. | ||||
| CVE-2018-8937 | 1 Open-audit | 1 Open-audit | 2024-11-21 | N/A |
| An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code. | ||||
| CVE-2018-8936 | 1 Amd | 8 Epyc Server, Epyc Server Firmware, Ryzen and 5 more | 2024-11-21 | N/A |
| The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation. | ||||
| CVE-2018-8935 | 1 Amd | 4 Ryzen, Ryzen Firmware, Ryzen Pro and 1 more | 2024-11-21 | N/A |
| The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in the ASIC, aka CHIMERA-HW. | ||||
| CVE-2018-8934 | 1 Amd | 4 Ryzen, Ryzen Firmware, Ryzen Pro and 1 more | 2024-11-21 | N/A |
| The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW. | ||||
| CVE-2018-8933 | 1 Amd | 2 Epyc Server, Epyc Server Firmware | 2024-11-21 | N/A |
| The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3. | ||||
| CVE-2018-8932 | 1 Amd | 4 Ryzen, Ryzen Firmware, Ryzen Pro and 1 more | 2024-11-21 | N/A |
| The AMD Ryzen and Ryzen Pro processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-2, RYZENFALL-3, and RYZENFALL-4. | ||||
| CVE-2018-8931 | 1 Amd | 6 Ryzen, Ryzen Firmware, Ryzen Mobile and 3 more | 2024-11-21 | N/A |
| The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1. | ||||
| CVE-2018-8930 | 1 Amd | 8 Epyc Server, Epyc Server Firmware, Ryzen and 5 more | 2024-11-21 | N/A |
| The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. | ||||
| CVE-2018-8929 | 1 Synology | 1 Ssl Vpn Client | 2024-11-21 | N/A |
| Improper restriction of communication channel to intended endpoints vulnerability in HTTP daemon in Synology SSL VPN Client before 1.2.4-0224 allows remote attackers to conduct man-in-the-middle attacks via a crafted payload. | ||||
| CVE-2018-8928 | 1 Synology | 1 Carddav Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | ||||
| CVE-2018-8927 | 1 Synology | 1 Calendar | 2024-11-21 | N/A |
| Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. | ||||
| CVE-2018-8926 | 1 Synology | 1 Photo Station | 2024-11-21 | N/A |
| Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter. | ||||