Search Results (83078 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-8125 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2024-11-21 N/A
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.
CVE-2018-8122 1 Microsoft 1 Internet Explorer 2024-11-21 N/A
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
CVE-2018-8118 1 Microsoft 8 Internet Explorer, Windows 10, Windows 7 and 5 more 2024-11-21 N/A
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10.
CVE-2018-8114 1 Microsoft 1 Internet Explorer 2024-11-21 N/A
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
CVE-2018-8111 1 Microsoft 2 Edge, Windows 10 2024-11-21 N/A
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236.
CVE-2018-8110 1 Microsoft 2 Edge, Windows 10 2024-11-21 N/A
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236.
CVE-2018-8108 1 Bui Project 1 Bui 2024-11-21 N/A
The select component in bui through 2018-03-13 has XSS because it performs an escape operation on already-escaped text, as demonstrated by workGroupList text.
CVE-2018-8100 1 Xpdfreader 1 Xpdf 2024-11-21 N/A
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8087 4 Canonical, Debian, Linux and 1 more 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more 2024-11-21 N/A
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.
CVE-2018-8078 1 Yzmcms 1 Yzmcms 2024-11-21 N/A
YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.
CVE-2018-8076 1 Zenmate 1 Zenmate 2024-11-21 N/A
ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability within the com.zenmate.chron-xpc LaunchDaemon component. The LaunchDaemon implements an XPC service that uses an insecure XPC API for accessing data from an inbound XPC message. This could potentially result in an XPC object of the wrong type being passed as the first argument to the xpc_connection_create_from_endpoint function if controlled by an attacker. In recent versions of macOS and OS X, Apple has implemented an internal check to prevent such XPC API abuse from occurring, thus making this vulnerability only result in a denial of service if exploited by an attacker.
CVE-2018-8072 1 Edimax 6 Ic-3140w, Ic-3140w Firmware, Ic-5150w and 3 more 2024-11-21 N/A
An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W through 3.09, and IC-6220DC through 3.06 devices. The ipcam_cgi binary contains a stack-based buffer overflow that is possible to trigger from a remote unauthenticated /camera-cgi/public/getsysyeminfo.cgi?action=VALUE_HERE HTTP request: if the VALUE_HERE length is more than 0x400 (1024), it is possible to overwrite other values located on the stack due to an incorrect use of the strcpy() function.
CVE-2018-8071 1 Mautic 1 Mautic 2024-11-21 N/A
Mautic before v2.13.0 has stored XSS via a theme config file.
CVE-2018-8070 1 Qcms 1 Qcms 2024-11-21 N/A
QCMS version 3.0 has XSS via the title parameter to the /guest/index.html URI.
CVE-2018-8069 1 Qcms 1 Qcms 2024-11-21 N/A
QCMS version 3.0 has XSS via the webname parameter to the /backend/system.html URI.
CVE-2018-8062 1 Comtrend 2 Ar-5387un, Ar-5387un Firmware 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.
CVE-2018-8058 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 N/A
CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter.
CVE-2018-8048 3 Debian, Loofah Project, Redhat 3 Debian Linux, Loofah, Cloudforms Managementengine 2024-11-21 N/A
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
CVE-2018-8047 1 Vtiger 1 Vtiger Crm 2024-11-21 N/A
vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter).
CVE-2018-8046 1 Sencha 1 Ext Js 2024-11-21 N/A
The getTip() method of Action Columns of Sencha Ext JS 4 to 6 before 6.6.0 is vulnerable to XSS attacks, even when passed HTML-escaped data. This framework brings no built-in XSS protection, so the developer has to ensure that data is correctly sanitized. However, the getTip() method of Action Columns takes HTML-escaped data and un-escapes it. If the tooltip contains user-controlled data, an attacker could exploit this to create a cross-site scripting attack, even when developers took precautions and escaped data.