Total 49439 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-21236 1 Foxitsoftware 1 Reader 2024-08-05 7.5 High
An issue was discovered in Foxit Reader before 2.4.4. It has a NULL pointer dereference.
CVE-2018-25019 1 Learndash 1 Learndash 2024-08-05 7.5 High
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web server.
CVE-2018-25069 1 Netis-systems 2 Netcore Router, Netcore Router Firmware 2024-08-05 7.3 High
A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability.
CVE-2018-25028 1 Libpulse-binding Project 1 Libpulse-binding 2024-08-05 7.5 High
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.
CVE-2018-25020 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, H300e and 15 more 2024-08-05 7.8 High
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.
CVE-2018-25048 1 Codesys 15 Control For Beaglebone, Control For Empc-a/imx6, Control For Iot2000 and 12 more 2024-08-05 8.8 High
The CODESYS runtime system in multiple versions allows a remote low-privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.
CVE-2018-25033 2 Admesh Project, Debian 2 Admesh, Debian Linux 2024-08-05 8.1 High
ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a.
CVE-2018-21240 1 Foxitsoftware 2 Phantompdf, Reader 2024-08-05 7.5 High
An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It allows memory consumption via an ArrayBuffer(0xfffffffe) call.
CVE-2018-25029 1 Silabs 10 Zgm130s037hgn, Zgm130s037hgn Firmware, Zgm2305a27hgn and 7 more 2024-08-05 8.1 High
The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic.
CVE-2018-21263 1 Mattermost 1 Mattermost Server 2024-08-05 8.8 High
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.
CVE-2018-25032 11 Apple, Azul, Debian and 8 more 45 Mac Os X, Macos, Zulu and 42 more 2024-08-05 7.5 High
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
CVE-2018-25015 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-08-05 7.8 High
An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.
CVE-2018-25027 1 Libpulse-binding Project 1 Libpulse-binding 2024-08-05 7.5 High
An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free.
CVE-2018-21264 1 Mattermost 1 Mattermost Server 2024-08-05 8.8 High
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.
CVE-2018-25018 2 Linux, Rarlab 2 Linux Kernel, Unrar 2024-08-05 7.8 High
UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.
CVE-2018-21258 1 Mattermost 1 Mattermost Server 2024-08-05 7.5 High
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.
CVE-2018-21262 1 Mattermost 1 Mattermost Server 2024-08-05 7.5 High
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.
CVE-2018-25002 1 Sunhater 1 Kcfinder 2024-08-05 8.8 High
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy.
CVE-2018-21175 1 Netgear 16 D6100, D6100 Firmware, R6100 and 13 more 2024-08-05 7.2 High
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.57, R6100 before 1.0.1.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.92, WNDR4300 before 1.0.2.94, WNDR4300v2 before 1.0.0.50, WNDR4500v3 before 1.0.0.50, and WNR2000v5 before 1.0.0.62.
CVE-2018-21241 1 Foxitsoftware 1 Phantompdf 2024-08-05 7.8 High
An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an untrusted search path that allows a DLL to execute remote code.