Total: 323530 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-14058 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A |
| Pimcore before 5.3.0 allows SQL Injection via the REST web service API. | ||||
| CVE-2018-14057 | 1 Pimcore | 1 Pimcore | 2024-11-21 | N/A |
| Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function. | ||||
| CVE-2018-14056 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-11-21 | N/A |
| ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. | ||||
| CVE-2018-14055 | 2 Debian, Znc | 2 Debian Linux, Znc | 2024-11-21 | N/A |
| ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. | ||||
| CVE-2018-14054 | 1 Techsmith | 1 Mp4v2 | 2024-11-21 | N/A |
| A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered. | ||||
| CVE-2018-14052 | 1 Libwav Project | 1 Libwav | 2024-11-21 | N/A |
| An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c. | ||||
| CVE-2018-14051 | 1 Libwav Project | 1 Libwav | 2024-11-21 | N/A |
| The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop. | ||||
| CVE-2018-14050 | 1 Libwav Project | 1 Libwav | 2024-11-21 | N/A |
| An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c. | ||||
| CVE-2018-14049 | 1 Libwav Project | 1 Libwav | 2024-11-21 | N/A |
| An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c. | ||||
| CVE-2018-14048 | 2 Libpng, Oracle | 3 Libpng, Jdk, Jre | 2024-11-21 | 6.5 Medium |
| An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. | ||||
| CVE-2018-14047 | 1 Pngwriter Project | 1 Pngwriter | 2024-11-21 | N/A |
| An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file. | ||||
| CVE-2018-14046 | 2 Exiv2, Redhat | 2 Exiv2, Enterprise Linux | 2024-11-21 | N/A |
| Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp. | ||||
| CVE-2018-14045 | 1 Surina | 1 Soundtouch | 2024-11-21 | N/A |
| The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | ||||
| CVE-2018-14044 | 1 Surina | 1 Soundtouch | 2024-11-21 | N/A |
| The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | ||||
| CVE-2018-14043 | 1 Monetra | 1 Mstdlib | 2024-11-21 | N/A |
| mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) during a copy operation, related to fs/m_fs.c and fs/m_fs_path.c. An attacker could create the file and then would have access to the data. | ||||
| CVE-2018-14042 | 2 Getbootstrap, Redhat | 6 Bootstrap, Enterprise Linux, Jboss Enterprise Application Platform and 3 more | 2024-11-21 | N/A |
| In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | ||||
| CVE-2018-14041 | 2 Getbootstrap, Redhat | 4 Bootstrap, Ceph Storage, Jboss Enterprise Application Platform and 1 more | 2024-11-21 | N/A |
| In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. | ||||
| CVE-2018-14040 | 3 Debian, Getbootstrap, Redhat | 6 Debian Linux, Bootstrap, Enterprise Linux and 3 more | 2024-11-21 | N/A |
| In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | ||||
| CVE-2018-14037 | 1 Progress | 1 Kendo Ui | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload gets executed. Furthermore, if the payload is reflected at any other resource that does rely on the sanitisation of the editor itself, the JavaScript payload will be executed in the context of the application. This allows attackers (in the worst case) to take over user sessions. | ||||
| CVE-2018-14036 | 2 Freedesktop, Redhat | 2 Accountsservice, Enterprise Linux | 2024-11-21 | N/A |
| Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c. | ||||