Search Results (10462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17096 | 1 Surina | 1 Soundtouch | 2024-11-21 | N/A |
| The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | ||||
| CVE-2018-17074 | 1 Feed Statistics Project | 1 Feed Statistics | 2024-11-21 | N/A |
| The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. | ||||
| CVE-2018-16988 | 1 Xdmod | 1 Open Xdmod | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes. | ||||
| CVE-2018-16971 | 1 Wisetail | 1 Learning Management System | 2024-11-21 | N/A |
| Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR) attacks to access non-purchased course contents (quiz / test) via a modified id parameter. | ||||
| CVE-2018-16954 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | N/A |
| An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | ||||
| CVE-2018-16792 | 1 Solarwinds | 1 Sftp/scp Server | 2024-11-21 | 9.1 Critical |
| SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. | ||||
| CVE-2018-16781 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | N/A |
| ffjpeg.dll in ffjpeg before 2018-08-22 allows remote attackers to cause a denial of service (FPE signal) via a progressive JPEG file that lacks an AC Huffman table. | ||||
| CVE-2018-16766 | 1 Webassembly Virtual Machine Project | 1 Webassembly Virtual Machine | 2024-11-21 | N/A |
| In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached. | ||||
| CVE-2018-16761 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
| Eventum before 3.4.0 has an open redirect vulnerability. | ||||
| CVE-2018-16749 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.5 Medium |
| In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. | ||||
| CVE-2018-16704 | 1 Gleeztech | 1 Gleezcms | 2024-11-21 | N/A |
| An issue was discovered in Gleez CMS v1.2.0. Because of an Insecure Direct Object Reference vulnerability, it is possible for attackers (logged-in users) to view the profile pages of other users, as demonstrated by navigating to user/3 on demo.gleezcms.org. | ||||
| CVE-2018-16608 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the administrator via admin/index.php?id=users&action=edit&user_id=1, an Insecure Direct Object Reference (IDOR). | ||||
| CVE-2018-16606 | 1 Proconf | 1 Proconf | 2024-11-21 | N/A |
| In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter). | ||||
| CVE-2018-16529 | 1 Forcepoint | 1 Email Security | 2024-11-21 | 9.8 Critical |
| A password reset vulnerability has been discovered in Forcepoint Email Security 8.5.x. The password reset URL can be used after the intended expiration period or after the URL has already been used to reset a password. | ||||
| CVE-2018-16521 | 1 Openmrs | 2 Html Form Entry, Reference Application | 2024-11-21 | N/A |
| An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. | ||||
| CVE-2018-16494 | 1 Versa-networks | 1 Versa Operating System | 2024-11-21 | 8.8 High |
| In VOS, an overly permissive "umask" may allow authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. The insecure umask setting was present throughout the Versa servers. | ||||
| CVE-2018-16426 | 2 Opensc Project, Redhat | 2 Opensc, Enterprise Linux | 2024-11-21 | N/A |
| Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash programs using the opensc library. | ||||
| CVE-2018-16323 | 2 Canonical, Imagemagick | 2 Ubuntu Linux, Imagemagick | 2024-11-21 | 6.5 Medium |
| ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data. | ||||
| CVE-2018-16252 | 1 Fspro | 1 Event Log Explorer | 2024-11-21 | N/A |
| FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. | ||||
| CVE-2018-16191 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | N/A |
| Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||