Search Results (3075 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-17204 | 4 Canonical, Debian, Openvswitch and 1 more | 5 Ubuntu Linux, Debian Linux, Openvswitch and 2 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. | ||||
| CVE-2018-17199 | 6 Apache, Canonical, Debian and 3 more | 9 Http Server, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | N/A |
| In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded. | ||||
| CVE-2018-17186 | 1 Apache | 1 Syncope | 2024-11-21 | N/A |
| An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution. | ||||
| CVE-2018-17169 | 1 Printeron | 1 Printeron | 2024-11-21 | N/A |
| An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
| CVE-2018-17152 | 1 Intersystems | 1 Cache | 2024-11-21 | N/A |
| Intersystems Cache 2017.2.2.865.0 allows XXE. | ||||
| CVE-2018-17096 | 1 Surina | 1 Soundtouch | 2024-11-21 | N/A |
| The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch. | ||||
| CVE-2018-16792 | 1 Solarwinds | 1 Sftp/scp Server | 2024-11-21 | 9.1 Critical |
| SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data. | ||||
| CVE-2018-16749 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2024-11-21 | 6.5 Medium |
| In ImageMagick 7.0.7-29 and earlier, a missing NULL check in ReadOneJNGImage in coders/png.c allows an attacker to cause a denial of service (WriteBlob assertion failure and application exit) via a crafted file. | ||||
| CVE-2018-16521 | 1 Openmrs | 2 Html Form Entry, Reference Application | 2024-11-21 | N/A |
| An XML External Entity (XXE) vulnerability exists in HTML Form Entry 3.7.0, as distributed in OpenMRS Reference Application 2.8.0. | ||||
| CVE-2018-16252 | 1 Fspro | 1 Event Log Explorer | 2024-11-21 | N/A |
| FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection. | ||||
| CVE-2018-16166 | 1 Jpcert | 1 Logontracer | 2024-11-21 | N/A |
| LogonTracer 1.2.0 and earlier allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. | ||||
| CVE-2018-15822 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2024-11-21 | 7.5 High |
| The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. | ||||
| CVE-2018-15805 | 1 Accusoft | 1 Prizmdoc | 2024-11-21 | N/A |
| Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption). | ||||
| CVE-2018-15531 | 1 Javamelody Project | 1 Javamelody | 2024-11-21 | N/A |
| JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java. | ||||
| CVE-2018-15506 | 1 Bubblesoftapps | 1 Bubbleupnp | 2024-11-21 | N/A |
| In BubbleUPnP 0.9 update 30, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running BubbleUPnP, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack the cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. | ||||
| CVE-2018-15362 | 1 Ge | 1 Cimplicity | 2024-11-21 | N/A |
| XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0 | ||||
| CVE-2018-15120 | 2 Canonical, Gnome | 2 Ubuntu Linux, Pango | 2024-11-21 | 6.5 Medium |
| libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences. | ||||
| CVE-2018-14720 | 4 Debian, Fasterxml, Oracle and 1 more | 21 Debian Linux, Jackson-databind, Banking Platform and 18 more | 2024-11-21 | N/A |
| FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. | ||||
| CVE-2018-14485 | 1 Blogengine | 1 Blogengine.net | 2024-11-21 | N/A |
| BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. | ||||
| CVE-2018-14473 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2024-11-21 | N/A |
| OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service. | ||||