Search Results (83065 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-6797 4 Canonical, Debian, Perl and 1 more 6 Ubuntu Linux, Debian Linux, Perl and 3 more 2024-11-21 N/A
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
CVE-2018-6796 1 Multilanguage Real Estate Mlm Script Project 1 Multilanguage Real Estate Mlm Script 2024-11-21 N/A
PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input field.
CVE-2018-6795 1 Naukri Clone Script Project 1 Naukri Clone Script 2024-11-21 N/A
PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every profile input field.
CVE-2018-6791 2 Debian, Kde 2 Debian Linux, Plasma-workspace 2024-11-21 N/A
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
CVE-2018-6758 1 Unbit 1 Uwsgi 2024-11-21 N/A
The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through 2.0.15 has a stack-based buffer overflow via a large directory length.
CVE-2018-6755 2 Mcafee, Microsoft 2 True Key, Windows 2024-11-21 N/A
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
CVE-2018-6692 1 Belkin 2 Wemo Insight Smart Plug, Wemo Insight Smart Plug Firmware 2024-11-21 10.0 Critical
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.
CVE-2018-6682 1 Mcafee 1 True Key 2024-11-21 6.1 Medium
Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.
CVE-2018-6681 1 Mcafee 1 Network Security Manager 2024-11-21 5.4 Medium
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
CVE-2018-6662 2 Apple, Mcafee 2 Mac Os X, Management Of Native Encryption 2024-11-21 7.8 High
Privilege Escalation vulnerability in McAfee Management of Native Encryption (MNE) before 4.1.4 allows local users to gain elevated privileges via a crafted user input.
CVE-2018-6659 1 Mcafee 1 Epolicy Orchestrator 2024-11-21 N/A
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
CVE-2018-6655 1 Doctor Search Script Project 1 Doctor Search Script 2024-11-21 N/A
PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an arbitrary profile field.
CVE-2018-6643 1 Infoblox 1 Netmri 2024-11-21 N/A
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.
CVE-2018-6640 1 Wiris 1 Mathtype 2024-11-21 9.8 Critical
A Heap Overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can modify the next pointer of a linked list. This is fixed in 6.9d.
CVE-2018-6639 1 Wiris 1 Mathtype 2024-11-21 9.8 Critical
An out-of-bounds write (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. A size used by memmove is read from the input file. This is fixed in 6.9d.
CVE-2018-6638 1 Wiris 1 Mathtype 2024-11-21 9.8 Critical
A stack-based buffer overflow (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. This occurs in a function call in which the first argument is a corrupted offset value and the second argument is a stack buffer. This is fixed in 6.9d.
CVE-2018-6623 1 Hola 1 Vpn 2024-11-21 N/A
An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists because of the SERVICE_ALL_ACCESS access right for the hola_svc and hola_updater services.
CVE-2018-6606 1 Malwarefox 1 Antimalware 2024-11-21 N/A
An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper access control in zam32.sys and zam64.sys allows a non-privileged process to register itself with the driver by sending IOCTL 0x80002010 and then using IOCTL 0x8000204C to \\.\ZemanaAntiMalware to elevate privileges.
CVE-2018-6603 1 Promise 1 Webpam Proe 2024-11-21 N/A
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response Splitting, and CRLF Injection attacks via JavaScript code in a PHPSESSID cookie.
CVE-2018-6598 1 Orbic 2 Wonder Rc555l, Wonder Rc555l Firmware 2024-11-21 N/A
An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices. Any app co-located on the device can send an intent to factory reset the device programmatically because of com.android.server.MasterClearReceiver. This does not require any user interaction and does not require any permission to perform. A factory reset will remove all user data from the device. This will result in the loss of any data that the user has not backed up or synced externally. This capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves), although this capability is present in an unprotected component of the Android OS. This vulnerability is not present in Google's Android Open Source Project (AOSP) code. Therefore, it was introduced by Orbic or another entity in the supply chain.