Search Results (83043 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-5817 2 Debian, Libraw 2 Debian Linux, Libraw 2024-11-21 N/A
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
CVE-2018-5810 2 Canonical, Libraw 2 Ubuntu Linux, Libraw 2024-11-21 N/A
An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2018-5809 1 Libraw 1 Libraw 2024-11-21 N/A
An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
CVE-2018-5808 2 Debian, Libraw 2 Debian Linux, Libraw 2024-11-21 N/A
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
CVE-2018-5805 2 Libraw, Redhat 5 Libraw, Enterprise Linux, Enterprise Linux Desktop and 2 more 2024-11-21 N/A
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVE-2018-5804 1 Libraw 1 Libraw 2024-11-21 N/A
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
CVE-2018-5800 4 Canonical, Debian, Libraw and 1 more 7 Ubuntu Linux, Debian Linux, Libraw and 4 more 2024-11-21 6.5 Medium
An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2018-5799 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-11-21 N/A
In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139.
CVE-2018-5798 1 Cloudera 1 Cloudera Manager 2024-11-21 N/A
This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager.
CVE-2018-5797 1 Extremenetworks 1 Extremewireless Wing 2024-11-21 N/A
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is an Smint_encrypt Hardcoded AES Key that can be used for packet decryption (obtaining cleartext credentials) by an attacker who has access to a wired port.
CVE-2018-5793 1 Extremewireless 1 Wing 2024-11-21 N/A
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
CVE-2018-5792 1 Extremewireless 1 Wing 2024-11-21 N/A
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
CVE-2018-5791 1 Extremewireless 1 Wing 2024-11-21 N/A
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Heap Overflow in the HSD Process over the MINT (Media Independent Tunnel) Protocol on the WiNG Access Point via crafted packets.
CVE-2018-5787 1 Extremenetworks 1 Extremewireless Wing 2024-11-21 N/A
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets.
CVE-2018-5783 1 Podofo Project 1 Podofo 2024-11-21 N/A
In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.
CVE-2018-5776 1 Wordpress 1 Wordpress 2024-11-21 N/A
WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).
CVE-2018-5773 1 Python-markdown2 Project 1 Python-markdown2 2024-11-21 N/A
An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5. The safe_mode feature, which is supposed to sanitize user input against XSS, is flawed and does not escape the input properly. With a crafted payload, XSS can be triggered, as demonstrated by omitting the final '>' character from an IMG tag.
CVE-2018-5768 1 Tendacn 2 Ac15, Ac15 Firmware 2024-11-21 N/A
A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header.
CVE-2018-5764 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Rsync 2024-11-21 7.5 High
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism.
CVE-2018-5757 1 Audiocodes 2 420hd Ip Phone, 420hd Ip Phone Firmware 2024-11-21 N/A
An issue was discovered on AudioCodes 450HD IP Phone devices with firmware 3.0.0.535.106. The traceroute and ping functionality, which uses a parameter in a request to command.cgi from the Monitoring page in the web UI, unsafely puts user-alterable data directly into an OS command, leading to Remote Code Execution via shell metacharacters in the query string.