Search Results (26989 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-25024 1 Actix 1 Actix-web 2024-11-21 9.8 Critical
An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.
CVE-2018-25017 1 Rawspeed 1 Rawspeed 2024-11-21 9.8 Critical
RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable.
CVE-2018-25016 1 Greenbone 2 Greenbone Os, Greenbone Security Assistant 2024-11-21 9.8 Critical
Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.
CVE-2018-25014 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2024-11-21 9.8 Critical
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
CVE-2018-25013 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2024-11-21 9.1 Critical
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
CVE-2018-25012 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2024-11-21 9.1 Critical
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
CVE-2018-25011 2 Redhat, Webmproject 4 Enterprise Linux, Rhel Eus, Rhmt and 1 more 2024-11-21 9.8 Critical
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
CVE-2018-25010 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2024-11-21 9.1 Critical
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
CVE-2018-25009 2 Redhat, Webmproject 2 Enterprise Linux, Libwebp 2024-11-21 9.1 Critical
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
CVE-2018-21268 1 Traceroute Project 1 Traceroute 2024-11-21 10 Critical
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
CVE-2018-21251 1 Mattermost 1 Mattermost Server 2024-11-21 9.8 Critical
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.
CVE-2018-21246 1 Caddyserver 1 Caddy 2024-11-21 9.8 Critical
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
CVE-2018-21245 1 Apsis 1 Pound 2024-11-21 9.1 Critical
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.
CVE-2018-21244 1 Foxitsoftware 1 Phantompdf 2024-11-21 9.8 Critical
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.
CVE-2018-21242 1 Foxitsoftware 1 Phantompdf 2024-11-21 9.8 Critical
An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Remote Code Execution via a GoToE or GoToR action.
CVE-2018-21234 2 Apache, Jodd 2 Hive, Jodd 2024-11-21 9.8 Critical
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.
CVE-2018-21162 1 Netgear 32 D6400, D6400 Firmware, Ex6200 and 29 more 2024-11-21 9.8 Critical
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D6400 before 1.0.0.78, EX6200 before 1.0.3.86, EX7000 before 1.0.0.64, R6250 before 1.0.4.8, R6300v2 before 1.0.4.6, R6400 before 1.0.1.12, R6700 before 1.0.1.16, R7000 before 1.0.7.10, R7100LG before 1.0.0.42, R7300DST before 1.0.0.44, R7900 before 1.0.1.12, R8000 before 1.0.3.36, R8300 before 1.0.2.74, R8500 before 1.0.2.74, WNDR3400v3 before 1.0.1.14, and WNR3500Lv2 before 1.2.0.48.
CVE-2018-21161 1 Netgear 6 D7800, D7800 Firmware, R7800 and 3 more 2024-11-21 9.8 Critical
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.34, R7800 before 1.0.2.46, and R9000 before 1.0.3.16.
CVE-2018-21153 1 Netgear 40 D7800, D7800 Firmware, Dm200 and 37 more 2024-11-21 9.8 Critical
Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.62, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.40, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv2 before 1.0.0.56, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.56, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.
CVE-2018-21137 1 Netgear 4 D3600, D3600 Firmware, D6000 and 1 more 2024-11-21 9.8 Critical
Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76.