Vulnerabilities (CVE)

Total 298749 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20673 1 Gnu 1 Binutils 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm.
CVE-2018-20671 1 Gnu 1 Binutils 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
load_specific_debug_section in objdump.c in GNU Binutils through 2.31.1 contains an integer overflow vulnerability that can trigger a heap-based buffer overflow via a crafted section size.
CVE-2018-20669 1 Linux 1 Linux Kernel 2024-11-21 7.2 HIGH 7.8 HIGH
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.
CVE-2018-20664 1 Zohocorp 1 Manageengine Adselfservice Plus 2024-11-21 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine ADSelfService Plus 5.x before build 5701 has XXE via an uploaded product license.
CVE-2018-20663 1 Haulmont 2 Cuba Platform, Reporting 2024-11-21 3.5 LOW 5.4 MEDIUM
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.
CVE-2018-20662 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
CVE-2018-20659 1 Axiosys 1 Bento4 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls.
CVE-2018-20658 1 Coreftp 1 Core Ftp 2024-11-21 5.0 MEDIUM 7.5 HIGH
The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command.
CVE-2018-20657 2 F5, Gnu 2 Traffix Signaling Delivery Controller, Binutils 2024-11-21 5.0 MEDIUM 7.5 HIGH
The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.
CVE-2018-20655 1 Whatsapp 1 Whatsapp 2024-11-21 7.5 HIGH 9.8 CRITICAL
When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24.
CVE-2018-20652 1 Tinyexr Project 1 Tinyexr 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An attempted excessive memory allocation was discovered in the function tinyexr::AllocateImage in tinyexr.h in tinyexr v0.9.5. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted input, which leads to an out-of-memory exception.
CVE-2018-20651 1 Gnu 1 Binutils 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference was discovered in elf_link_add_object_symbols in elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31.1. This occurs for a crafted ET_DYN with no program headers. A specially crafted ELF file allows remote attackers to cause a denial of service, as demonstrated by ld.
CVE-2018-20650 2 Canonical, Freedesktop 2 Ubuntu Linux, Poppler 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
CVE-2018-20648 1 Car Rental Script Project 1 Car Rental Script 2024-11-21 6.8 MEDIUM 8.8 HIGH
PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.
CVE-2018-20647 1 Car Rental Script Project 1 Car Rental Script 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.
CVE-2018-20646 1 Basic B2b Script Project 1 Basic B2b Script 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
PHP Scripts Mall Basic B2B Script 2.0.9 has has directory traversal via a direct request for a listing of an image directory such as an uploads/ directory.
CVE-2018-20645 1 Basic B2b Script Project 1 Basic B2b Script 2024-11-21 3.5 LOW 5.4 MEDIUM
PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.
CVE-2018-20644 1 Basic B2b Script Project 1 Basic B2b Script 2024-11-21 6.8 MEDIUM 8.8 HIGH
PHP Scripts Mall Basic B2B Script 2.0.9 has Cross-Site Request Forgery (CSRF) via the Edit profile feature.
CVE-2018-20643 1 Entrepreneur Job Portal Script Project 1 Entrepreneur Job Portal Script 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.
CVE-2018-20642 1 Entrepreneur Job Portal Script Project 1 Entrepreneur Job Portal Script 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service (outage of profile editing) via crafted JavaScript code in the KeySkills field.