Total
323560 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-11509 | 1 Asustor | 1 Asustor Data Master | 2024-11-21 | N/A |
| ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. | ||||
| CVE-2018-11508 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | N/A |
| The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | ||||
| CVE-2018-11507 | 1 Flif | 1 Flif | 2024-11-21 | N/A |
| An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. | ||||
| CVE-2018-11506 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer, as demonstrated by a CDROMREADMODE2 ioctl call. | ||||
| CVE-2018-11505 | 1 Werewolf Online Project | 1 Werewolf Online | 2024-11-21 | N/A |
| The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. | ||||
| CVE-2018-11504 | 2 Debian, Discount Project | 2 Debian Linux, Discount | 2024-11-21 | N/A |
| The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | ||||
| CVE-2018-11503 | 2 Debian, Discount Project | 2 Debian Linux, Discount | 2024-11-21 | N/A |
| The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html. | ||||
| CVE-2018-11502 | 1 Moderator Log Notes Project | 1 Moderator Log Notes | 2024-11-21 | N/A |
| An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. An attacker can remotely delete all mod notes and mod note logs in the modCP and ACP via CSRF. | ||||
| CVE-2018-11501 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | N/A |
| PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. | ||||
| CVE-2018-11500 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
| An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | ||||
| CVE-2018-11499 | 1 Sass-lang | 1 Libsass | 2024-11-21 | N/A |
| A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact. | ||||
| CVE-2018-11498 | 1 Lizard Project | 2 Lizard, Lz5 | 2024-11-21 | N/A |
| In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted input file, as well as achieve remote code execution. | ||||
| CVE-2018-11496 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2024-11-21 | 6.5 Medium |
| In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. | ||||
| CVE-2018-11495 | 1 Opencart | 1 Opencart | 2024-11-21 | N/A |
| OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For example, an attacker can download ../../config.php. | ||||
| CVE-2018-11494 | 1 Opencart | 1 Opencart | 2024-11-21 | N/A |
| The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name (containing 10 random digits) via a directory traversal attack involving language_info['code']. | ||||
| CVE-2018-11492 | 1 Asus | 2 Hg100, Hg100 Firmware | 2024-11-21 | N/A |
| ASUS HG100 devices allow denial of service via an IPv4 packet flood. | ||||
| CVE-2018-11491 | 1 Asus | 2 Hg100, Hg100 Firmware | 2024-11-21 | N/A |
| ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution. | ||||
| CVE-2018-11490 | 4 Canonical, Debian, Giflib Project and 1 more | 4 Ubuntu Linux, Debian Linux, Giflib and 1 more | 2024-11-21 | 8.8 High |
| The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | ||||
| CVE-2018-11489 | 2 Giflib Project, Sam2p Project | 2 Giflib, Sam2p | 2024-11-21 | 8.8 High |
| The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact. | ||||
| CVE-2018-11488 | 1 Dtsearch | 1 Dtsearch | 2024-11-21 | N/A |
| A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. | ||||