Search Results (356047 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19856 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API. | ||||
| CVE-2018-19855 | 1 Uipath | 1 Orchestrator | 2024-11-21 | N/A |
| UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features. | ||||
| CVE-2018-19854 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A |
| An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option). | ||||
| CVE-2018-19853 | 1 Hitshop Project | 1 Hitshop | 2024-11-21 | N/A |
| An issue was discovered in hitshop through 2014-07-15. There is an elevation-of-privilege vulnerability (that allows control over the whole web site) via the admin.php/user/add URI because a storekeeper account (which is supposed to have only privileges for commodity management) can add an administrator account. | ||||
| CVE-2018-19849 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | N/A |
| An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter. | ||||
| CVE-2018-19845 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | N/A |
| There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325. | ||||
| CVE-2018-19844 | 1 Frogcms Project | 1 Frogcms | 2024-11-21 | N/A |
| FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319. | ||||
| CVE-2018-19843 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A |
| opmov in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. | ||||
| CVE-2018-19842 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A |
| getToken in libr/asm/p/asm_x86_nz.c in radare2 before 3.1.0 allows attackers to cause a denial of service (stack-based buffer over-read) via crafted x86 assembly data, as demonstrated by rasm2. | ||||
| CVE-2018-19841 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.5 Medium |
| The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack Lossless Audio file, as demonstrated by wvunpack. | ||||
| CVE-2018-19840 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 5 Ubuntu Linux, Fedora, Leap and 2 more | 2024-11-21 | N/A |
| The function WavpackPackInit in pack_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (resource exhaustion caused by an infinite loop) via a crafted wav audio file because WavpackSetConfiguration64 mishandles a sample rate of zero. | ||||
| CVE-2018-19839 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file. | ||||
| CVE-2018-19838 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy(). | ||||
| CVE-2018-19837 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp. | ||||
| CVE-2018-19836 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including the Cookie header), and common.inc.php allows registering variables from the $_COOKIE value. This issue can, for example, be exploited in conjunction with CVE-2018-19835 to bypass many XSS filters such as the Chrome XSS filter. | ||||
| CVE-2018-19835 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. | ||||
| CVE-2018-19834 | 1 Bombba Project | 1 Bombba | 2024-11-21 | 7.5 High |
| The quaker function of a smart contract implementation for BOMBBA (BOMB), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | ||||
| CVE-2018-19833 | 1 Ddq Project | 1 Ddq | 2024-11-21 | 7.5 High |
| The owned function of a smart contract implementation for DDQ, a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | ||||
| CVE-2018-19832 | 1 Newinteltechmedia Project | 1 Newinteltechmedia | 2024-11-21 | 7.5 High |
| The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | ||||
| CVE-2018-19831 | 1 Cryptbond Network Project | 1 Cryptbond Network | 2024-11-21 | 7.5 High |
| The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), a tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | ||||