Export limit exceeded: 75394 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75394 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-21039 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with N(7.0) software. With the Location permission for the compass feature in Quick Tools (aka QuickTools), an attacker can bypass the lockscreen. The Samsung ID is SVE-2018-12053 (December 2018). | ||||
| CVE-2018-21037 | 1 Intelliants | 1 Subrion | 2024-11-21 | 8.8 High |
| Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change the administrator password via the panel/members/edit/1 URI. | ||||
| CVE-2018-21036 | 1 Sailsjs | 1 Sails | 2024-11-21 | 7.5 High |
| Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. | ||||
| CVE-2018-21035 | 2 Qt, Redhat | 2 Qt, Enterprise Linux | 2024-11-21 | 7.5 High |
| In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). | ||||
| CVE-2018-21028 | 1 Boa | 1 Boa | 2024-11-21 | 7.5 High |
| Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. | ||||
| CVE-2018-21026 | 4 Hitachi, Linux, Microsoft and 1 more | 8 Compute Systems Manager, Device Manager, Replication Manager and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.6.5-00 allows an unauthenticated remote user to read internal information. | ||||
| CVE-2018-21023 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | ||||
| CVE-2018-21022 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| makeXML_ListServices.php in Centreon Web before 2.8.28 allows attackers to perform SQL injections via the host_id parameter. | ||||
| CVE-2018-21021 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 8.8 High |
| img_gantt.php in Centreon Web before 2.8.27 allows attackers to perform SQL injections via the host_id parameter. | ||||
| CVE-2018-21020 | 1 Centreon | 1 Centreon Web | 2024-11-21 | 7.5 High |
| In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | ||||
| CVE-2018-21019 | 1 Home-assistant | 1 Home-assistant | 2024-11-21 | 7.5 High |
| Home Assistant before 0.67.0 was vulnerable to an information disclosure that allowed an unauthenticated attacker to read the application's error log via components/api.py. | ||||
| CVE-2018-21011 | 1 Wpcharitable | 1 Charitable | 2024-11-21 | 7.5 High |
| The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details. | ||||
| CVE-2018-21010 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | 8.8 High |
| OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c. | ||||
| CVE-2018-20847 | 3 Debian, Redhat, Uclouvain | 3 Debian Linux, Enterprise Linux, Openjpeg | 2024-11-21 | 8.8 High |
| An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | ||||
| CVE-2018-20836 | 7 Canonical, Debian, F5 and 4 more | 16 Ubuntu Linux, Debian Linux, Traffix Signaling Delivery Controller and 13 more | 2024-11-21 | 8.1 High |
| An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | ||||
| CVE-2018-20781 | 3 Canonical, Gnome, Oracle | 3 Ubuntu Linux, Gnome Keyring, Zfs Storage Appliance Kit | 2024-11-21 | 7.8 High |
| In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext. | ||||
| CVE-2018-20669 | 3 Canonical, Linux, Netapp | 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more | 2024-11-21 | 7.8 High |
| An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. | ||||
| CVE-2018-20582 | 1 Gree | 1 Gree\+ | 2024-11-21 | 8.8 High |
| The GREE+ (aka com.gree.greeplus) application 1.4.0.8 for Android suffers from Cross Site Request Forgery. | ||||
| CVE-2018-20549 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 8.8 High |
| There is an illegal WRITE memory access at caca/file.c (function caca_file_read) in libcaca 0.99.beta19. | ||||
| CVE-2018-20548 | 4 Canonical, Fedoraproject, Libcaca Project and 1 more | 4 Ubuntu Linux, Fedora, Libcaca and 1 more | 2024-11-21 | 8.8 High |
| There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 1bpp data. | ||||