Total
317480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20848 | 1 Peel | 1 Peel Shopping | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Advisto PEEL SHOPPING 9.0.0 has CSRF via en/achat/caddie_ajout.php and en/achat/caddie_affichage.php, as demonstrated by an XSS payload in the couleurId[0] parameter to the latter. | |||||
| CVE-2018-20847 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An improper computation of p_tx0, p_tx1, p_ty0 and p_ty1 in the function opj_get_encoding_parameters in openjp2/pi.c in OpenJPEG through 2.3.0 can lead to an integer overflow. | |||||
| CVE-2018-20846 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
| CVE-2018-20845 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
| CVE-2018-20841 | 1 Hootoo | 2 Tripmate Titan Ht-tm05, Tripmate Titan Ht-tm05 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request. | |||||
| CVE-2018-20840 | 1 Google | 1 Api C\+\+ Client | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. Once this third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server. | |||||
| CVE-2018-20838 | 1 Magazine3 | 1 Amp For Wp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| ampforwp_save_steps_data in the AMP for WP plugin before 0.9.97.21 for WordPress allows stored XSS. | |||||
| CVE-2018-20837 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS. | |||||
| CVE-2018-20836 | 6 Canonical, Debian, F5 and 3 more | 13 Ubuntu Linux, Debian Linux, Traffix Signaling Delivery Controller and 10 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. | |||||
| CVE-2018-20835 | 1 Tar-fs Project | 1 Tar-fs | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. | |||||
| CVE-2018-20834 | 1 Node-tar Project | 1 Node-tar | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2). | |||||
| CVE-2018-20827 | 1 Atlassian | 1 Jira | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The activity stream gadget in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the country parameter. | |||||
| CVE-2018-20826 | 1 Atlassian | 1 Jira | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote attackers to set the reporter in issues via a missing authorisation check. | |||||
| CVE-2018-20824 | 1 Atlassian | 1 Jira | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the cyclePeriod parameter. | |||||
| CVE-2018-20823 | 1 Xiaomi | 2 Mi 5s, Mi 5s Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The gyroscope on Xiaomi Mi 5s devices allows attackers to cause a denial of service (resonance and false data) via a 20.4 kHz audio signal, aka a MEMS ultrasound attack. | |||||
| CVE-2018-20822 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). | |||||
| CVE-2018-20821 | 1 Sass-lang | 1 Libsass | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). | |||||
| CVE-2018-20820 | 1 Dropbox | 1 Lepton | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| read_ujpg in jpgcoder.cc in Dropbox Lepton 1.2.1 allows attackers to cause a denial-of-service (application runtime crash because of an integer overflow) via a crafted file. | |||||
| CVE-2018-20819 | 1 Dropbox | 1 Lepton | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| io/ZlibCompression.cc in the decompression component in Dropbox Lepton 1.2.1 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact by crafting a jpg image file. The root cause is a missing check of header payloads that may be (incorrectly) larger than the maximum file size. | |||||
| CVE-2018-20818 | 1 Openplcproject | 4 Openplc V2, Openplc V2 Firmware, Openplc V3 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability was discovered in the OpenPLC controller, in the OpenPLC_v2 and OpenPLC_v3 versions. It occurs in the modbus.cpp mapUnusedIO() function, which can cause a runtime crash of the PLC or possibly have unspecified other impact. | |||||