Total
322219 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11237 | 5 Canonical, Gnu, Netapp and 2 more | 11 Ubuntu Linux, Glibc, Data Ontap Edge and 8 more | 2024-11-21 | 7.8 High |
| An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. | ||||
| CVE-2018-11236 | 4 Gnu, Netapp, Oracle and 1 more | 10 Glibc, Data Ontap Edge, Element Software Management and 7 more | 2024-11-21 | N/A |
| stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. | ||||
| CVE-2018-11235 | 5 Canonical, Debian, Git-scm and 2 more | 10 Ubuntu Linux, Debian Linux, Git and 7 more | 2024-11-21 | N/A |
| In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | ||||
| CVE-2018-11233 | 3 Canonical, Git-scm, Redhat | 3 Ubuntu Linux, Git, Rhel Software Collections | 2024-11-21 | N/A |
| In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. | ||||
| CVE-2018-11232 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable. | ||||
| CVE-2018-11231 | 1 Divido | 1 Divido | 2024-11-21 | N/A |
| In the Divido plugin for OpenCart, there is SQL injection. Attackers can use SQL injection to get some confidential information. | ||||
| CVE-2018-11230 | 1 Jbig2enc Project | 1 Jbig2enc | 2024-11-21 | N/A |
| jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file. | ||||
| CVE-2018-11229 | 1 Crestron | 8 Crestron Toolbox Protocol Firmware, Dmc-str, Tsw-1060 and 5 more | 2024-11-21 | N/A |
| Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via command injection in Crestron Toolbox Protocol (CTP). | ||||
| CVE-2018-11228 | 1 Crestron | 8 Crestron Toolbox Protocol Firmware, Dmc-str, Tsw-1060 and 5 more | 2024-11-21 | N/A |
| Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP). | ||||
| CVE-2018-11227 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | N/A |
| Monstra CMS 3.0.4 and earlier has XSS via index.php. | ||||
| CVE-2018-11226 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-11225 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | ||||
| CVE-2018-11224 | 1 Libav | 1 Libav | 2024-11-21 | N/A |
| An issue was discovered in Libav 12.3. A read access violation in the in_table_init16 function in libavcodec/aacsbr.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. | ||||
| CVE-2018-11223 | 1 Pandorafms | 1 Artica Pandora Fms | 2024-11-21 | N/A |
| XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call. | ||||
| CVE-2018-11222 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A |
| Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandora_console/ajax.php ajax endpoint. | ||||
| CVE-2018-11221 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A |
| Unauthenticated untrusted file upload in Artica Pandora FMS through version 7.23 allows an attacker to upload an arbitrary plugin via include/ajax/update_manager.ajax in the update system. | ||||
| CVE-2018-11220 | 1 Bitmain | 6 Antminer D3, Antminer D3 Firmware, Antminer L3\+ and 3 more | 2024-11-21 | N/A |
| Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution via the system restore function. | ||||
| CVE-2018-11219 | 4 Debian, Oracle, Redhat and 1 more | 5 Debian Linux, Communications Operations Monitor, Openstack and 2 more | 2024-11-21 | N/A |
| An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. | ||||
| CVE-2018-11218 | 4 Debian, Oracle, Redhat and 1 more | 5 Debian Linux, Communications Operations Monitor, Openstack and 2 more | 2024-11-21 | N/A |
| Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. | ||||
| CVE-2018-11215 | 1 Cloudera | 1 Data Science Workbench | 2024-11-21 | N/A |
| Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. | ||||