Total
323682 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15176 | 1 Xnview | 1 Xnview | 2024-11-21 | N/A |
| XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file. | ||||
| CVE-2018-15175 | 1 Xnview | 1 Xnview | 2024-11-21 | N/A |
| XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file. | ||||
| CVE-2018-15174 | 1 Xnview | 1 Xnview | 2024-11-21 | N/A |
| XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file. | ||||
| CVE-2018-15173 | 1 Nmap | 1 Nmap | 2024-11-21 | N/A |
| Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. | ||||
| CVE-2018-15172 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | N/A |
| TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. | ||||
| CVE-2018-15169 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | N/A |
| A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. | ||||
| CVE-2018-15168 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | N/A |
| A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. | ||||
| CVE-2018-15161 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15160 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15159 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15158 | 1 Libesedb Project | 1 Libesedb | 2024-11-21 | N/A |
| The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15157 | 1 Libfsclfs Project | 1 Libfsclfs | 2024-11-21 | N/A |
| The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as described in the GitHub issue comments | ||||
| CVE-2018-15156 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. | ||||
| CVE-2018-15155 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the "hylafax_enscript" global variable in interface/super/edit_globals.php. | ||||
| CVE-2018-15154 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the "print_command" global variable in interface/super/edit_globals.php. | ||||
| CVE-2018-15153 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the "hylafax_server" global variable in interface/super/edit_globals.php. | ||||
| CVE-2018-15152 | 1 Open-emr | 1 Openemr | 2024-11-21 | 9.1 Critical |
| Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient. | ||||
| CVE-2018-15151 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. | ||||
| CVE-2018-15150 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php. | ||||
| CVE-2018-15149 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A |
| SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter. | ||||