Total: 324390 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17433 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file. | ||||
| CVE-2018-17432 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | N/A |
| A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. | ||||
| CVE-2018-17431 | 1 Comodo | 1 Unified Threat Management Firewall | 2024-11-21 | 9.8 Critical |
| Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. | ||||
| CVE-2018-17429 | 1 Jtbc | 1 Jtbc | 2024-11-21 | N/A |
| /console/account/manage.php?type=action&action=add in JTBC v3.0(C) has CSRF for adding an administrator account. | ||||
| CVE-2018-17428 | 1 Nexusfi | 1 Opac Easyweb Five | 2024-11-21 | N/A |
| An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter. | ||||
| CVE-2018-17427 | 1 Simdcomp Project | 1 Simdcomp | 2024-11-21 | N/A |
| SIMDComp before 0.1.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) because it can read (and then discard) extra bytes. | ||||
| CVE-2018-17423 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| An issue was discovered in e107 v2.1.9. There is an XSS attack on e107_admin/comment.php. | ||||
| CVE-2018-17422 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
| dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | ||||
| CVE-2018-17421 | 1 Zrlog | 1 Zrlog | 2024-11-21 | N/A |
| An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname. | ||||
| CVE-2018-17420 | 1 Zrlog | 1 Zrlog | 2024-11-21 | N/A |
| An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter. | ||||
| CVE-2018-17419 | 2 Dns Library Project, Redhat | 2 Dns Library, Openshift | 2024-11-21 | 7.5 High |
| An issue was discovered in setTA in scan_rr.go in the Miek Gieben DNS library before 1.0.10 for Go. A dns.ParseZone() parsing error causes a segmentation violation, leading to denial of service. | ||||
| CVE-2018-17418 | 1 Monstra | 1 Monstra | 2024-11-21 | N/A |
| Monstra CMS 3.0.4 allows remote attackers to execute arbitrary PHP code via a mixed-case file extension, as demonstrated by the 123.PhP filename, because plugins\box\filesmanager\filesmanager.admin.php mishandles the forbidden_types variable. | ||||
| CVE-2018-17416 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. | ||||
| CVE-2018-17415 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. | ||||
| CVE-2018-17414 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. | ||||
| CVE-2018-17413 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. | ||||
| CVE-2018-17412 | 1 Zzcms | 1 Zzcms | 2024-11-21 | N/A |
| zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. | ||||
| CVE-2018-17411 | 1 Informationbuilders | 1 Data Quality Suite | 2024-11-21 | N/A |
| An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20. | ||||
| CVE-2018-17410 | 1 Horus Cms Project | 1 Horus Cms | 2024-11-21 | 9.8 Critical |
| Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI. | ||||
| CVE-2018-17408 | 1 Zahiraccounting | 1 Zahir Enterprise Plus | 2024-11-21 | N/A |
| Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu. | ||||