Total: 49439 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-21236 | 1 Foxitsoftware | 1 Reader | 2024-08-05 | 7.5 High |
An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference. | ||||
CVE-2018-25019 | 1 Learndash | 1 Learndash | 2024-08-05 | 7.5 High |
The LearnDash LMS WordPress plugin before 2.5.4 does not perform any authorisation or validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server. | ||||
CVE-2018-25069 | 1 Netis-systems | 2 Netcore Router, Netcore Router Firmware | 2024-08-05 | 7.3 High |
A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability. | ||||
CVE-2018-25028 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2024-08-05 | 7.5 High |
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free. | ||||
CVE-2018-25020 | 2 Linux, Netapp | 18 Linux Kernel, Cloud Backup, H300e and 15 more | 2024-08-05 | 7.8 High |
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. | ||||
CVE-2018-25048 | 1 Codesys | 15 Control For Beaglebone, Control For Empc-a/imx6, Control For Iot2000 and 12 more | 2024-08-05 | 8.8 High |
The CODESYS runtime system in multiple versions allows a remote low-privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. | ||||
CVE-2018-25033 | 2 Admesh Project, Debian | 2 Admesh, Debian Linux | 2024-08-05 | 8.1 High |
ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. | ||||
CVE-2018-21240 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-05 | 7.5 High |
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | ||||
CVE-2018-25029 | 1 Silabs | 10 Zgm130s037hgn, Zgm130s037hgn Firmware, Zgm2305a27hgn and 7 more | 2024-08-05 | 8.1 High |
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. | ||||
CVE-2018-21263 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 8.8 High |
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. | ||||
CVE-2018-25032 | 11 Apple, Azul, Debian and 8 more | 45 Mac Os X, Macos, Zulu and 42 more | 2024-08-05 | 7.5 High |
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | ||||
CVE-2018-25015 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-08-05 | 7.8 High |
An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8. | ||||
CVE-2018-25027 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2024-08-05 | 7.5 High |
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free. | ||||
CVE-2018-21264 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 8.8 High |
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. | ||||
CVE-2018-25018 | 2 Linux, Rarlab | 2 Linux Kernel, Unrar | 2024-08-05 | 7.8 High |
UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext. | ||||
CVE-2018-21258 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 7.5 High |
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command. | ||||
CVE-2018-21262 | 1 Mattermost | 1 Mattermost Server | 2024-08-05 | 7.5 High |
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text. | ||||
CVE-2018-25002 | 1 Sunhater | 1 Kcfinder | 2024-08-05 | 8.8 High |
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
CVE-2018-21175 | 1 Netgear | 16 D6100, D6100 Firmware, R6100 and 13 more | 2024-08-05 | 7.2 High |
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62. | ||||
CVE-2018-21241 | 1 Foxitsoftware | 1 Phantompdf | 2024-08-05 | 7.8 High |
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code. | ||||