Export limit exceeded: 360138 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360138 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7544 | 1 Openvpn | 1 Openvpn | 2024-11-21 | N/A |
| A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning | ||||
| CVE-2018-7542 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | N/A |
| An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH guest OS users to cause a denial of service (NULL pointer dereference and hypervisor crash) by leveraging the mishandling of configurations that lack a Local APIC. | ||||
| CVE-2018-7541 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | N/A |
| An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. | ||||
| CVE-2018-7540 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | N/A |
| An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing. | ||||
| CVE-2018-7539 | 1 Appeartv | 4 Xc5000, Xc5000 Firmware, Xc5100 and 1 more | 2024-11-21 | N/A |
| On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is possible to read OS files with a specially crafted HTTP request (such as GET /../../../../../../../../../../../../etc/passwd) to the web server (fuzzd/0.1.1) running the Maintenance Center on port TCP/8088. This can lead to full compromise of the device. | ||||
| CVE-2018-7538 | 1 Enalean | 1 Tuleap | 2024-11-21 | N/A |
| A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands. | ||||
| CVE-2018-7537 | 4 Canonical, Debian, Djangoproject and 1 more | 6 Ubuntu Linux, Debian Linux, Django and 3 more | 2024-11-21 | N/A |
| An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | ||||
| CVE-2018-7536 | 4 Canonical, Debian, Djangoproject and 1 more | 7 Ubuntu Linux, Debian Linux, Django and 4 more | 2024-11-21 | N/A |
| An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | ||||
| CVE-2018-7535 | 1 Totalav | 1 Totalav | 2024-11-21 | N/A |
| An issue was discovered in TotalAV v4.1.7. An unprivileged user could modify or overwrite all of the product's files because of weak permissions (Everyone:F) under %PROGRAMFILES%, which allows local users to gain privileges or obtain maximum control over the product. | ||||
| CVE-2018-7534 | 1 Unisys | 1 Stealth Authorization Server | 2024-11-21 | N/A |
| In Stealth Authorization Server before 3.3.017.0 in Unisys Stealth Solution, an encryption key may be left in memory. | ||||
| CVE-2018-7533 | 1 Osisoft | 1 Pi Data Archive | 2024-11-21 | N/A |
| An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Insecure default configuration may allow escalation of privileges that gives the actor full control over the system. | ||||
| CVE-2018-7532 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2024-11-21 | N/A |
| Unauthentication vulnerabilities have been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow remote code execution. | ||||
| CVE-2018-7531 | 1 Osisoft | 1 Pi Data Archive | 2024-11-21 | N/A |
| An Improper Input Validation issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may use unvalidated custom requests to crash the server. | ||||
| CVE-2018-7530 | 1 Omron | 7 Cx-flnet, Cx-one, Cx-programmer and 4 more | 2024-11-21 | N/A |
| Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may allow the pointer to call an incorrect object resulting in an access of resource using incompatible type condition. | ||||
| CVE-2018-7529 | 1 Osisoft | 1 Pi Data Archive | 2024-11-21 | N/A |
| A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Unauthenticated users may modify deserialized data to send custom requests that crash the server. | ||||
| CVE-2018-7528 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2024-11-21 | N/A |
| An SQL injection vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an attacker to alter stored data. | ||||
| CVE-2018-7527 | 1 We-con | 3 Levistudio Hmi Editor, Levistudiou, Pi Studio Hmi Project Programmer | 2024-11-21 | N/A |
| A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file. | ||||
| CVE-2018-7526 | 1 Beaconmedaes | 2 Scroll Medical Air Systems, Scroll Medical Air Systems Firmware | 2024-11-21 | N/A |
| In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. | ||||
| CVE-2018-7525 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed packet by a certain executable may cause an untrusted pointer dereference vulnerability. | ||||
| CVE-2018-7524 | 1 Geutebrueck | 4 G-cam\/efd-2250, G-cam\/efd-2250 Firmware, Topfd-2125 and 1 more | 2024-11-21 | N/A |
| A cross-site request forgery vulnerability has been identified in Geutebruck G-Cam/EFD-2250 Version 1.12.0.4 and Topline TopFD-2125 Version 3.15.1 IP cameras, which may allow an unauthorized user to be added to the system. | ||||