Search Results (83038 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-5268 2 Debian, Opencv 2 Debian Linux, Opencv 2024-11-21 5.5 Medium
In OpenCV 3.3.1, a heap-based buffer overflow happens in cv::Jpeg2KDecoder::readComponent8u in modules/imgcodecs/src/grfmt_jpeg2000.cpp when parsing a crafted image file.
CVE-2018-5265 1 Ui 2 Edgeos, Erlite-3 2024-11-21 N/A
Ubiquiti EdgeOS 1.9.1 on EdgeRouter Lite devices allows remote attackers to execute arbitrary code with admin credentials, because /opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def does not sanitize the 'alias' or 'ips' parameter for shell metacharacters.
CVE-2018-5263 1 Stackideas 1 Easydiscuss 2024-11-21 N/A
The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before 4.0.21 for Joomla! allows XSS.
CVE-2018-5262 1 Flexense 1 Diskboss 2024-11-21 N/A
A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier allows unauthenticated remote attackers to execute arbitrary code in the context of a highly privileged account.
CVE-2018-5249 1 Shaarli Project 1 Shaarli 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php).
CVE-2018-5247 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2024-11-21 N/A
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c.
CVE-2018-5246 2 Canonical, Imagemagick 2 Ubuntu Linux, Imagemagick 2024-11-21 N/A
In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c.
CVE-2018-5233 1 Getgrav 1 Grav Cms 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
CVE-2018-5232 1 Atlassian 2 Jira, Jira Server 2024-11-21 N/A
The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter.
CVE-2018-5230 1 Atlassian 2 Jira, Jira Server 2024-11-21 N/A
The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4 and from version 7.9.0 before version 7.9.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the error message of custom fields when an invalid value is specified.
CVE-2018-5229 1 Atlassian 1 Universal Plugin Manager 2024-11-21 N/A
The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names.
CVE-2018-5228 1 Atlassian 2 Crucible, Fisheye 2024-11-21 N/A
The /browse/~raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the handling of response headers.
CVE-2018-5227 1 Atlassian 1 Application Links 2024-11-21 N/A
Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link.
CVE-2018-5216 1 Radiantcms 1 Radiant Cms 2024-11-21 N/A
Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource.
CVE-2018-5215 1 Fork-cms 1 Fork Cms 2024-11-21 N/A
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
CVE-2018-5214 1 Add Link To Facebook Project 1 Add Link To Facebook 2024-11-21 N/A
The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.
CVE-2018-5213 1 Simple Download Monitor Project 1 Simple Download Monitor 2024-11-21 N/A
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php.
CVE-2018-5212 1 Simple Download Monitor Project 1 Simple Download Monitor 2024-11-21 N/A
The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php.
CVE-2018-5210 1 Samsung 1 Samsung Mobile 2024-11-21 N/A
On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733.
CVE-2018-5201 1 Hancom 4 Hancom Office 2010, Hancom Office 2014, Hancom Office 2018 and 1 more 2024-11-21 N/A
Hancom Office 2018 10.0.0.8214 and earlier, Hancom Office NEO 9.6.1.10472 and earlier, Hancom Office 2014 9.1.1.4540 and earlier, Hancom Office 2010 8.5.8.1724 and earlier versions have a heap overflow vulnerability when handling Compound File in document. This result in a program crash or denial of service conditions.