Search Results (82968 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-20814 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Policy Secure 2024-11-21 N/A
An XSS issue was found with Psaldownload.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.3R2 before 8.3R2 and Pulse Policy Secure (PPS) 5.4RX before 5.4R2. This is not applicable to PCS 8.1RX or PPS 5.2RX.
CVE-2018-20808 1 Ivanti 1 Connect Secure 2024-11-21 N/A
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
CVE-2018-20807 1 Ivanti 1 Connect Secure 2024-11-21 N/A
An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.
CVE-2018-20806 1 Phamm 1 Phamm 2024-11-21 N/A
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2018-20798 1 Netgate 1 Pfsense 2024-11-21 N/A
The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions.
CVE-2018-20791 1 Tecrail 1 Responsive Filemanager 2024-11-21 N/A
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
CVE-2018-20778 1 Frog Cms Project 1 Frog Cms 2024-11-21 N/A
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element.
CVE-2018-20777 1 Frog Cms Project 1 Frog Cms 2024-11-21 N/A
Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit/1 Body field.
CVE-2018-20774 1 Frog Cms Project 1 Frog Cms 2024-11-21 N/A
Frog CMS 0.9.5 has XSS via the admin/?/layout/edit/1 Body field.
CVE-2018-20763 3 Canonical, Debian, Gpac Project 3 Ubuntu Linux, Debian Linux, Gpac 2024-11-21 N/A
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking.
CVE-2018-20760 3 Canonical, Debian, Gpac 3 Ubuntu Linux, Debian Linux, Gpac 2024-11-21 N/A
In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled.
CVE-2018-20758 1 Modx 1 Modx Revolution 2024-11-21 5.4 Medium
MODX Revolution through v2.7.0-pl allows XSS via User Settings such as Description.
CVE-2018-20757 1 Modx 1 Modx Revolution 2024-11-21 N/A
MODX Revolution through v2.7.0-pl allows XSS via an extended user field such as Container name or Attribute name.
CVE-2018-20756 1 Modx 1 Modx Revolution 2024-11-21 N/A
MODX Revolution through v2.7.0-pl allows XSS via a document resource (such as pagetitle), which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs.
CVE-2018-20755 1 Modx 1 Modx Revolution 2024-11-21 N/A
MODX Revolution through v2.7.0-pl allows XSS via the User Photo field.
CVE-2018-20750 4 Canonical, Debian, Libvnc Project and 1 more 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more 2024-11-21 9.8 Critical
LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
CVE-2018-20749 4 Canonical, Debian, Libvnc Project and 1 more 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more 2024-11-21 9.8 Critical
LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete.
CVE-2018-20748 4 Canonical, Debian, Libvnc Project and 1 more 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more 2024-11-21 9.8 Critical
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete.
CVE-2018-20742 1 Ucbrise 1 Opaque 2024-11-21 N/A
An issue was discovered in UC Berkeley RISE Opaque before 2018-12-01. There is no boundary check on ocall_malloc. The return value could be a pointer to enclave memory. It could cause an arbitrary enclave memory write.
CVE-2018-20737 1 Wso2 3 Api Manager, Identity Server, Identity Server As Key Manager 2024-11-21 N/A
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.