Export limit exceeded: 344008 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8862 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12559 | 1 Cantata Project | 1 Cantata | 2024-11-21 | N/A |
| An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring. | ||||
| CVE-2018-12542 | 2 Eclipse, Microsoft | 2 Vert.x, Windows | 2024-11-21 | N/A |
| In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems. | ||||
| CVE-2018-12530 | 1 Metinfo | 1 Metinfo | 2024-11-21 | N/A |
| An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF. | ||||
| CVE-2018-12494 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsTemplate/content.html?path=../ URI. | ||||
| CVE-2018-12493 | 1 Publiccms | 1 Publiccms | 2024-11-21 | N/A |
| An issue was discovered in PublicCMS V4.0.20180210. There is a "Directory Traversal" and "Arbitrary file read" vulnerability via an admin/cmsWebFile/list.html?path=../ URI. | ||||
| CVE-2018-12476 | 1 Suse | 3 Obs-service-tar Scm, Opensuse Factory, Suse Linux Enterprise Server | 2024-11-21 | 4.3 Medium |
| Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74. | ||||
| CVE-2018-12473 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| A path traversal traversal vulnerability in obs-service-tar_scm of Open Build Service allows remote attackers to cause access files not in the current build. On the server itself this is prevented by confining the worker via KVM. Affected releases are openSUSE Open Build Service: versions prior to 70d1aa4cc4d7b940180553a63805c22fc62e2cf0. | ||||
| CVE-2018-12314 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | N/A |
| Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version 3.1.1 allows attackers to download arbitrary files by manipulating the "file" and "folder" URL parameters. | ||||
| CVE-2018-12309 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | N/A |
| Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows attackers to upload files to arbitrary locations by modifying the "path" URL parameter. NOTE: the "filename" POST parameter is covered by CVE-2018-11345. | ||||
| CVE-2018-12306 | 1 Asustor | 2 As602t, Data Master | 2024-11-21 | N/A |
| Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to view arbitrary files by modifying the "file1" URL parameter, a similar issue to CVE-2018-11344. | ||||
| CVE-2018-12298 | 1 Seagate | 1 Nas Os | 2024-11-21 | N/A |
| Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path. | ||||
| CVE-2018-12207 | 8 Canonical, Debian, F5 and 5 more | 1541 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 1538 more | 2024-11-21 | 6.5 Medium |
| Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | ||||
| CVE-2018-12130 | 3 Fedoraproject, Intel, Redhat | 13 Fedora, Microarchitectural Fill Buffer Data Sampling, Microarchitectural Fill Buffer Data Sampling Firmware and 10 more | 2024-11-21 | N/A |
| Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | ||||
| CVE-2018-12127 | 3 Fedoraproject, Intel, Redhat | 13 Fedora, Microarchitectural Load Port Data Sampling, Microarchitectural Load Port Data Sampling Firmware and 10 more | 2024-11-21 | N/A |
| Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | ||||
| CVE-2018-12126 | 3 Fedoraproject, Intel, Redhat | 13 Fedora, Microarchitectural Store Buffer Data Sampling, Microarchitectural Store Buffer Data Sampling Firmware and 10 more | 2024-11-21 | N/A |
| Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf | ||||
| CVE-2018-12054 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | N/A |
| Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal. | ||||
| CVE-2018-12053 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2024-11-21 | N/A |
| Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal. | ||||
| CVE-2018-12042 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | N/A |
| Roxy Fileman through v1.4.5 has Directory traversal via the php/download.php f parameter. | ||||
| CVE-2018-12036 | 1 Owasp | 1 Dependency-check | 2024-11-21 | N/A |
| OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. | ||||
| CVE-2018-12031 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | N/A |
| Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/node_upgrade_srv.js directory traversal with the firmware parameter in a downloadFirmware action. | ||||