Export limit exceeded: 75434 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75434 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-25081 | 1 Bitwarden | 1 Bitwarden | 2024-11-21 | 7.5 High |
| Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default. | ||||
| CVE-2018-25033 | 2 Admesh Project, Debian | 2 Admesh, Debian Linux | 2024-11-21 | 8.1 High |
| ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. | ||||
| CVE-2018-25029 | 1 Silabs | 10 Zgm130s037hgn, Zgm130s037hgn Firmware, Zgm2305a27hgn and 7 more | 2024-11-21 | 8.1 High |
| The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. | ||||
| CVE-2018-25028 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2024-11-21 | 7.5 High |
| An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free. | ||||
| CVE-2018-25027 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2024-11-21 | 7.5 High |
| An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free. | ||||
| CVE-2018-25023 | 1 Servo | 1 Smallvec | 2024-11-21 | 7.5 High |
| An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type. | ||||
| CVE-2018-25021 | 1 Toktok | 1 Toxcore | 2024-11-21 | 7.5 High |
| The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS). | ||||
| CVE-2018-25020 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, H300e and 15 more | 2024-11-21 | 7.8 High |
| The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. | ||||
| CVE-2018-25019 | 1 Learndash | 1 Learndash | 2024-11-21 | 7.5 High |
| The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server | ||||
| CVE-2018-25018 | 2 Linux, Rarlab | 2 Linux Kernel, Unrar | 2024-11-21 | 7.8 High |
| UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. | ||||
| CVE-2018-25015 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8. | ||||
| CVE-2018-25002 | 1 Sunhater | 1 Kcfinder | 2024-11-21 | 8.8 High |
| uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2018-21264 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 8.8 High |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. | ||||
| CVE-2018-21263 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 8.8 High |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. | ||||
| CVE-2018-21262 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | ||||
| CVE-2018-21258 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. | ||||
| CVE-2018-21248 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials. | ||||
| CVE-2018-21247 | 6 Canonical, Debian, Libvnc Project and 3 more | 17 Ubuntu Linux, Debian Linux, Libvncserver and 14 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function. | ||||
| CVE-2018-21241 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 7.8 High |
| An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. | ||||
| CVE-2018-21240 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 7.5 High |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | ||||