Total
324371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17101 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | N/A |
| An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | ||||
| CVE-2018-17100 | 4 Canonical, Debian, Libtiff and 1 more | 4 Ubuntu Linux, Debian Linux, Libtiff and 1 more | 2024-11-21 | N/A |
| An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. | ||||
| CVE-2018-17098 | 1 Surina | 1 Soundtouch | 2024-11-21 | N/A |
| The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. | ||||
| CVE-2018-17097 | 1 Surina | 1 Soundtouch | 2024-11-21 | N/A |
| The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact, as demonstrated by SoundStretch. | ||||
| CVE-2018-17096 | 1 Surina | 1 Soundtouch | 2024-11-21 | N/A |
| The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | ||||
| CVE-2018-17092 | 1 I4a | 1 Donlinkage | 2024-11-21 | N/A |
| An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user. | ||||
| CVE-2018-17091 | 1 I4a | 1 Donlinkage | 2024-11-21 | N/A |
| An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt. | ||||
| CVE-2018-17090 | 1 I4a | 1 Donlinkage | 2024-11-21 | N/A |
| An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing <textarea> followed by <script></script> tags. | ||||
| CVE-2018-17088 | 1 Jhead Project | 1 Jhead | 2024-11-21 | N/A |
| The ProcessGpsInfo function of the gpsinfo.c file of jhead 3.00 may allow a remote attacker to cause a denial-of-service attack or unspecified other impact via a malicious JPEG file, because there is an integer overflow during a check for whether a location exceeds the EXIF data length. This is analogous to the CVE-2016-3822 integer overflow in exif.c. This gpsinfo.c vulnerability is unrelated to the CVE-2018-16554 gpsinfo.c vulnerability. | ||||
| CVE-2018-17086 | 1 Otcms | 1 Otcms | 2024-11-21 | N/A |
| An issue was discovered in OTCMS 3.61. XSS exists in admin/share_switch.php via these parameters: fieldName fieldName2 tabName. | ||||
| CVE-2018-17085 | 1 Otcms | 1 Otcms | 2024-11-21 | N/A |
| An issue was discovered in OTCMS 3.61. XSS exists in admin/users.php via these parameters: dataTypeCN dataMode dataModeStr. | ||||
| CVE-2018-17082 | 4 Debian, Netapp, Php and 1 more | 4 Debian Linux, Storage Automation Store, Php and 1 more | 2024-11-21 | N/A |
| The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | ||||
| CVE-2018-17081 | 1 E107 | 1 E107 | 2024-11-21 | N/A |
| e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page. | ||||
| CVE-2018-17079 | 1 Zrlog | 1 Zrlog | 2024-11-21 | N/A |
| An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area. | ||||
| CVE-2018-17077 | 1 Yiqicms Project | 1 Yiqicms | 2024-11-21 | N/A |
| An issue was discovered in yiqicms through 2016-11-20. There is stored XSS in comment.php because a length limit can be bypassed. | ||||
| CVE-2018-17076 | 1 Logological | 1 General-purpose Preprocessor | 2024-11-21 | N/A |
| GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file. | ||||
| CVE-2018-17075 | 2 Fedoraproject, Golang | 2 Fedora, Net | 2024-11-21 | 7.5 High |
| The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or <template><marquee>. This is related to HTMLTreeBuilder.cpp in WebKit. | ||||
| CVE-2018-17074 | 1 Feed Statistics Project | 1 Feed Statistics | 2024-11-21 | N/A |
| The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. | ||||
| CVE-2018-17073 | 1 Bitmap Project | 1 Bitmap | 2024-11-21 | N/A |
| wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image. | ||||
| CVE-2018-17072 | 1 Json\+\+ Project | 1 Json\+\+ | 2024-11-21 | N/A |
| JSON++ through 2016-06-15 has a buffer over-read in yyparse() in json.y. | ||||