Search Results (82925 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-20372 1 Tp-link 2 Td-w8961nd, Td-w8961nd Firmware 2024-11-21 N/A
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.
CVE-2018-20370 1 The-sz 1 Netchat 2024-11-21 N/A
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. Attackers are able to inject commands to compromise the enabled HTTP server web frontend.
CVE-2018-20369 1 Barracuda 1 Message Archiver 2024-11-21 N/A
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. The injection point of the issue is the Add_Update module.
CVE-2018-20368 1 Averta 1 Master Slider 2024-11-21 N/A
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.
CVE-2018-20367 1 Wstmart 1 Wstmart 2024-11-21 N/A
The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI.
CVE-2018-20365 1 Libraw 1 Libraw 2024-11-21 N/A
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
CVE-2018-20351 1 Evernote 1 Evernote 2024-11-21 N/A
The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832.
CVE-2018-20339 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 N/A
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
CVE-2018-20337 2 Libraw, Redhat 2 Libraw, Enterprise Linux 2024-11-21 N/A
There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
CVE-2018-20334 1 Asus 47 Asuswrt, Gt-ac2900, Gt-ac5300 and 44 more 2024-11-21 9.8 Critical
An issue was discovered in ASUSWRT 3.0.0.4.384.20308. When processing the /start_apply.htm POST data, there is a command injection issue via shell metacharacters in the fb_email parameter. By using this issue, an attacker can control the router and get shell.
CVE-2018-20330 1 Libjpeg-turbo 1 Libjpeg-turbo 2024-11-21 N/A
The tjLoadImage function in libjpeg-turbo 2.0.1 has an integer overflow with a resultant heap-based buffer overflow via a BMP image because multiplication of pitch and height is mishandled, as demonstrated by tjbench.
CVE-2018-20328 1 Chamilo 1 Chamilo Lms 2024-11-21 N/A
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.
CVE-2018-20327 1 Chamilo 1 Chamilo Lms 2024-11-21 N/A
Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.
CVE-2018-20326 1 Chinamobile 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware 2024-11-21 N/A
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter.
CVE-2018-20323 1 Mailcleaner 1 Mailcleaner 2024-11-21 N/A
www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.
CVE-2018-20322 1 Limesurvey 1 Limesurvey 2024-11-21 N/A
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.
CVE-2018-20316 1 Foxitsoftware 2 Phantompdf, Reader 2024-11-21 8.1 High
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.
CVE-2018-20314 1 Foxitsoftware 2 Phantompdf, Reader 2024-11-21 8.1 High
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
CVE-2018-20313 1 Foxitsoftware 2 Phantompdf, Reader 2024-11-21 8.1 High
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read.
CVE-2018-20312 1 Foxitsoftware 2 Phantompdf, Reader 2024-11-21 8.1 High
Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode.