Search Results (82920 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-20124 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2024-11-21 5.5 Medium
hw/rdma/rdma_backend.c in QEMU allows guest OS users to trigger out-of-bounds access via a PvrdmaSqWqe ring element with a large num_sge value.
CVE-2018-20123 3 Canonical, Fedoraproject, Qemu 3 Ubuntu Linux, Fedora, Qemu 2024-11-21 5.5 Medium
pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak after an initialisation error.
CVE-2018-20122 1 Fastweb 2 Fastgate, Fastgate Firmware 2024-11-21 N/A
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability.
CVE-2018-20121 1 Podcastgenerator 1 Podcast Generator 2024-11-21 N/A
Podcast Generator 2.7 has stored cross-site scripting (XSS) via the URL addcategory parameter.
CVE-2018-20114 1 Dlink 4 Dir-818lw, Dir-818lw Firmware, Dir-860l and 1 more 2024-11-21 9.8 Critical
On D-Link DIR-818LW Rev.A 2.05.B03 and DIR-860L Rev.B 2.03.B03 devices, unauthenticated remote OS command execution can occur in the soap.cgi service of the cgibin binary via an "&&" substring in the service parameter. NOTE: this issue exists because of an incomplete fix for CVE-2018-6530.
CVE-2018-20106 1 Opensuse 1 Yast2-printer 2024-11-21 N/A
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.
CVE-2018-20101 1 Codection 1 Import Users From Csv With Meta 2024-11-21 N/A
The codection "Import users from CSV with meta" plugin before 1.12.1 for WordPress allows XSS via the value of a cell.
CVE-2018-20095 1 Axiosys 1 Bento4 2024-11-21 N/A
An issue was discovered in EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls.
CVE-2018-20071 1 Google 1 Chrome 2024-11-21 N/A
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.
CVE-2018-20057 2 D-link, Dlink 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more 2024-11-21 N/A
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter.
CVE-2018-20056 2 D-link, Dlink 4 Dir-605l Firmware, Dir-619l Firmware, Dir-605l and 1 more 2024-11-21 N/A
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter.
CVE-2018-20033 2 Flexera, Oracle 2 Flexnet Publisher, Communications Lsms 2024-11-21 9.8 Critical
A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.
CVE-2018-20020 3 Canonical, Debian, Libvnc Project 3 Ubuntu Linux, Debian Linux, Libvncserver 2024-11-21 N/A
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution
CVE-2018-20019 4 Canonical, Debian, Libvnc Project and 1 more 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more 2024-11-21 9.8 Critical
LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution
CVE-2018-20017 1 Sem-cms 1 Semcms 2024-11-21 N/A
SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.
CVE-2018-20012 1 Phpcmf 1 Phpcmf 2024-11-21 N/A
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
CVE-2018-20011 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
CVE-2018-20010 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
CVE-2018-20009 1 Domainmod 1 Domainmod 2024-11-21 N/A
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
CVE-2018-20008 1 Iball 2 Ib-wrb302n, Ib-wrb302n Firmware 2024-11-21 6.8 Medium
iBall Baton iB-WRB302N20122017 devices have improper access control over the UART interface, allowing physical attackers to discover Wi-Fi credentials (plain text) and the web-console password (base64) via the debugging console.