Total
298706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20806 | 1 Phamm | 1 Phamm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter). | |||||
| CVE-2018-20805 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch . This issue affects MongoDB Server v4.0 versions prior to 4.0.5 and MongoDB Server v3.6 versions prior to 3.6.10. | |||||
| CVE-2018-20804 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13. | |||||
| CVE-2018-20803 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks. This issue affects MongoDB Server v4.0 versions prior to 4.0.5; MongoDB Server v3.6 versions prior to 3.6.10 and MongoDB Server v3.4 versions prior to 3.4.19. | |||||
| CVE-2018-20802 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3. | |||||
| CVE-2018-20801 | 1 Highcharts | 1 Highcharts | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS. | |||||
| CVE-2018-20800 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. | |||||
| CVE-2018-20799 | 1 Netgate | 1 Pfsense | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In pfSense 2.4.4_1, blocking of source IP addresses on the basis of failed HTTPS authentication is inconsistent with blocking of source IP addresses on the basis of failed SSH authentication (the behavior does not match the sshguard documentation), which might make it easier for attackers to bypass intended access restrictions. | |||||
| CVE-2018-20798 | 1 Netgate | 1 Pfsense | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions. | |||||
| CVE-2018-20797 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp. | |||||
| CVE-2018-20796 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. | |||||
| CVE-2018-20795 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php. | |||||
| CVE-2018-20794 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php. | |||||
| CVE-2018-20793 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php. | |||||
| CVE-2018-20792 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php. | |||||
| CVE-2018-20791 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action. | |||||
| CVE-2018-20790 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php. | |||||
| CVE-2018-20789 | 1 Tecrail | 1 Responsive Filemanager | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php. | |||||
| CVE-2018-20788 | 1 Micode | 1 Xiaomi Perseus-p-oss | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| drivers/leds/leds-aw2023.c in the led driver for custom Linux kernels on the Xiaomi Redmi 6pro daisy-o-oss phone has several integer overflows because of a left-shifting operation when the right-hand operand can be equal to or greater than the integer length. This can be exploited by a crafted application for denial of service. | |||||
| CVE-2018-20787 | 1 Micode | 1 Xiaomi Perseus-p-oss | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| The ft5x46 touchscreen driver for custom Linux kernels on the Xiaomi perseus-p-oss MIX 3 device through 2018-11-26 has an integer overflow and OOPS because of missing checks of the size argument in tpdbg_write in drivers/input/touchscreen/ft5x46/ft5x46_ts.c. This is exploitable for a device crash via a syscall by a crafted application on a rooted device. | |||||