Total
299224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20997 | 1 Rust-openssl Project | 1 Rust-openssl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. | |||||
| CVE-2018-20996 | 1 Crossbeam Project | 1 Crossbeam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the crossbeam crate before 0.4.1 for Rust. There is a double free because of destructor mishandling. | |||||
| CVE-2018-20995 | 1 Slice-deque Project | 1 Slice-deque | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled. | |||||
| CVE-2018-20994 | 1 Trust-dns-proto Project | 1 Trust-dns-proto | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the trust-dns-proto crate before 0.5.0-alpha.3 for Rust. There is infinite recursion because DNS message compression is mishandled. | |||||
| CVE-2018-20993 | 1 Yaml-rust Project | 1 Yaml-rust | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the yaml-rust crate before 0.4.1 for Rust. There is uncontrolled recursion during deserialization. | |||||
| CVE-2018-20992 | 1 Claxon Project | 1 Claxon | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled. | |||||
| CVE-2018-20991 | 1 Servo | 1 Smallvec | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the smallvec crate before 0.6.3 for Rust. The Iterator implementation mishandles destructors, leading to a double free. | |||||
| CVE-2018-20990 | 1 Tar Project | 1 Tar | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in the tar crate before 0.4.16 for Rust. Arbitrary file overwrite can occur via a symlink or hardlink in a TAR archive. | |||||
| CVE-2018-20989 | 1 Untrusted Project | 1 Untrusted | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the untrusted crate before 0.6.2 for Rust. Error handling can trigger an integer underflow and panic. | |||||
| CVE-2018-20988 | 1 Google Forms Project | 1 Google Forms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation. | |||||
| CVE-2018-20987 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. | |||||
| CVE-2018-20986 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. | |||||
| CVE-2018-20985 | 1 Payeezy | 1 Wp Payeezy Pay | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec. | |||||
| CVE-2018-20984 | 1 Patreon | 1 Patreon Wordpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The patreon-connect plugin before 1.2.2 for WordPress has Object Injection. | |||||
| CVE-2018-20983 | 1 Meowapps | 1 Wp Retina 2x | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | |||||
| CVE-2018-20982 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. | |||||
| CVE-2018-20981 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests. | |||||
| CVE-2018-20980 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | |||||
| CVE-2018-20979 | 1 Rocklobster | 1 Contact Form 7 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The contact-form-7 plugin before 5.0.4 for WordPress has privilege escalation because of capability_type mishandling in register_post_type. | |||||
| CVE-2018-20978 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-all-import plugin before 3.4.7 for WordPress has XSS. | |||||