Search Results (83082 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-8834 1 Omron 7 Cx-flnet, Cx-one, Cx-programmer and 4 more 2024-11-21 7.8 High
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a heap-based buffer overflow.
CVE-2018-8833 1 Advantech 1 Webaccess Hmi Designer 2024-11-21 7.8 High
Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI Designer 2.1.7.32 and prior caused by processing specially crafted .pm3 files may allow remote code execution.
CVE-2018-8832 1 Enhavo 1 Enhavo 2024-11-21 N/A
enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page.
CVE-2018-8831 1 Kodi 1 Kodi 2024-11-21 N/A
A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist.
CVE-2018-8828 2 Debian, Kamailio 2 Debian Linux, Kamailio 2024-11-21 N/A
A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x before 5.0.6, and 5.1.x before 5.1.2. A specially crafted REGISTER message with a malformed branch or From tag triggers an off-by-one heap-based buffer overflow in the tmx_check_pretran function in modules/tmx/tmx_pretran.c.
CVE-2018-8827 1 Technicolor 2 Tg789vac, Tg789vac Firmware 2024-11-21 N/A
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS.
CVE-2018-8815 1 Alkacon 1 Opencms 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.
CVE-2018-8805 1 Yxcms 1 Yxcms 2024-11-21 N/A
Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request.
CVE-2018-8800 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function ui_clip_handle_data() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8797 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function process_plane() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8795 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably even a remote code execution.
CVE-2018-8794 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even a remote code execution.
CVE-2018-8793 3 Debian, Opensuse, Rdesktop 3 Debian Linux, Leap, Rdesktop 2024-11-21 9.8 Critical
rdesktop versions up to and including v1.8.3 contain a Heap-Based Buffer Overflow in function cssp_read_tsrequest() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8788 4 Canonical, Debian, Freerdp and 1 more 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more 2024-11-21 N/A
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.
CVE-2018-8787 4 Canonical, Debian, Freerdp and 1 more 10 Ubuntu Linux, Debian Linux, Freerdp and 7 more 2024-11-21 9.8 Critical
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.
CVE-2018-8786 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-11-21 9.8 Critical
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.
CVE-2018-8785 2 Canonical, Freerdp 2 Ubuntu Linux, Freerdp 2024-11-21 9.8 Critical
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8784 2 Canonical, Freerdp 2 Ubuntu Linux, Freerdp 2024-11-21 9.8 Critical
FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.
CVE-2018-8772 1 Coship 2 Rt3052, Rt3052 Firmware 2024-11-21 N/A
Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen.
CVE-2018-8767 1 Joyplus-cms Project 1 Joyplus-cms 2024-11-21 N/A
joyplus-cms 1.6.0 has XSS in manager/admin_ajax.php?action=save&tab={pre}vod_type via the t_name parameter.