Export limit exceeded: 10330 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342091 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10445 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10445 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20867 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | ||||
| CVE-2018-20822 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 6.5 Medium |
| LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). | ||||
| CVE-2018-20821 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 6.5 Medium |
| The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). | ||||
| CVE-2018-20796 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | N/A |
| In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. | ||||
| CVE-2018-20733 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-11-21 | N/A |
| BI Web Services in SAS Web Infrastructure Platform before 9.4M6 allows XXE. | ||||
| CVE-2018-20698 | 1 Search-guard | 1 Search Guard | 2024-11-21 | N/A |
| The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set. | ||||
| CVE-2018-20687 | 1 Raritan | 1 Commandcenter Secure Gateway | 2024-11-21 | 9.8 Critical |
| An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
| CVE-2018-20664 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license. | ||||
| CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 6.5 Medium |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | ||||
| CVE-2018-20650 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-11-21 | 6.5 Medium |
| A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | ||||
| CVE-2018-20551 | 3 Canonical, Freedesktop, Redhat | 3 Ubuntu Linux, Poppler, Enterprise Linux | 2024-11-21 | N/A |
| A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. | ||||
| CVE-2018-20433 | 2 Debian, Mchange | 2 Debian Linux, C3p0 | 2024-11-21 | N/A |
| c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization. | ||||
| CVE-2018-20405 | 1 Bigtreecms | 1 Bigtree | 2024-11-21 | 2.7 Low |
| BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue -- you already have full control of the CMS including running arbitrary PHP. | ||||
| CVE-2018-20321 | 1 Suse | 1 Rancher | 2024-11-21 | N/A |
| An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the default namespace in a separate project, where only cluster admins can be given permissions to access. As of 2018-12-20, this bug affected ALL clusters created or imported by Rancher. | ||||
| CVE-2018-20318 | 1 Wxjava Project | 1 Wxjava | 2024-11-21 | N/A |
| An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. | ||||
| CVE-2018-20298 | 1 S3browser | 1 S3 Browser | 2024-11-21 | N/A |
| S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol. | ||||
| CVE-2018-20251 | 1 Rarlab | 1 Winrar | 2024-11-21 | N/A |
| In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd to abort the extraction process. the operation is cancelled only after the folders and files were created but prior to them being written, therefore allowing the attacker to create empty files and folders everywhere in the file system. | ||||
| CVE-2018-20237 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 6.5 Medium |
| Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature. | ||||
| CVE-2018-20233 | 1 Atlassian | 1 Universal Plugin Manager | 2024-11-21 | N/A |
| The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR. | ||||
| CVE-2018-20222 | 1 Airsonic Project | 1 Airsonic | 2024-11-21 | N/A |
| XXE issue in Airsonic before 10.1.2 during parse. | ||||