Export limit exceeded: 10029 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10029 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10990 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2024-11-21 | 8.0 High |
| On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser. | ||||
| CVE-2018-10963 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | N/A |
| The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726. | ||||
| CVE-2018-10915 | 4 Canonical, Debian, Postgresql and 1 more | 12 Ubuntu Linux, Debian Linux, Postgresql and 9 more | 2024-11-21 | N/A |
| A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. | ||||
| CVE-2018-10901 | 2 Linux, Redhat | 9 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 6 more | 2024-11-21 | 7.8 High |
| A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. | ||||
| CVE-2018-10887 | 2 Debian, Libgit2 | 2 Debian Linux, Libgit2 | 2024-11-21 | 8.1 High |
| A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. | ||||
| CVE-2018-10832 | 1 Modbuspal Project | 1 Modbuspal | 2024-11-21 | N/A |
| ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. Projects are saved as .xmpp files and automations can be exported as .xmpa files, both XML-based, which are vulnerable to XXE injection. Sending a crafted .xmpp or .xmpa file to a user, when opened/imported in ModbusPal, will return the contents of any local files to a remote attacker. | ||||
| CVE-2018-10678 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A |
| MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks. | ||||
| CVE-2018-10653 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | N/A |
| There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | ||||
| CVE-2018-10651 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | N/A |
| There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | ||||
| CVE-2018-10614 | 1 We-con | 1 Levistudiou | 2024-11-21 | N/A |
| An XXE vulnerability in LeviStudioU, Versions 1.8.29 and 1.8.44 can be exploited when the application processes specially crafted project XML files. | ||||
| CVE-2018-10613 | 1 Ge | 1 Mds Pulsenet | 2024-11-21 | N/A |
| Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. | ||||
| CVE-2018-10600 | 1 Selinc | 1 Acselerator Architect | 2024-11-21 | N/A |
| SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. | ||||
| CVE-2018-10484 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Node objects. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5411. | ||||
| CVE-2018-10361 | 1 Kde | 1 Ktexteditor | 2024-11-21 | N/A |
| An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation. | ||||
| CVE-2018-10175 | 1 Digitalguardian | 1 Management Console | 2024-11-21 | N/A |
| Digital Guardian Management Console 7.1.2.0015 has an XXE issue. | ||||
| CVE-2018-10115 | 1 7-zip | 1 7-zip | 2024-11-21 | N/A |
| Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. | ||||
| CVE-2018-10101 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | N/A |
| Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. | ||||
| CVE-2018-10100 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | N/A |
| Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS. | ||||
| CVE-2018-10081 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring. | ||||
| CVE-2018-10077 | 1 Vertiv | 1 Watchdog Console | 2024-11-21 | 4.9 Medium |
| XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data. | ||||