Total
317826 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20543 | 1 Libxsmm Project | 1 Libxsmm | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service. | |||||
| CVE-2018-20542 | 1 Libxsmm Project | 1 Libxsmm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address). | |||||
| CVE-2018-20541 | 1 Libxsmm Project | 1 Libxsmm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses). | |||||
| CVE-2018-20540 | 1 Liblas | 1 Liblas | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1. | |||||
| CVE-2018-20539 | 1 Liblas | 1 Liblas | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. | |||||
| CVE-2018-20538 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests. | |||||
| CVE-2018-20537 | 1 Liblas | 1 Liblas | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. | |||||
| CVE-2018-20536 | 1 Liblas | 1 Liblas | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. | |||||
| CVE-2018-20535 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt. | |||||
| CVE-2018-20534 | 2 Canonical, Opensuse | 2 Ubuntu Linux, Libsolv | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application. | |||||
| CVE-2018-20533 | 2 Canonical, Opensuse | 2 Ubuntu Linux, Libsolv | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | |||||
| CVE-2018-20532 | 2 Canonical, Opensuse | 2 Ubuntu Linux, Libsolv | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service. | |||||
| CVE-2018-20530 | 1 Website Seller Script Project | 1 Website Seller Script | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. | |||||
| CVE-2018-20528 | 1 Jeecms | 1 Jeecms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| JEECMS 9 has SSRF via the ueditor/getRemoteImage.jspx upfile parameter. | |||||
| CVE-2018-20526 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php. | |||||
| CVE-2018-20525 | 1 Roxyfileman | 1 Roxy Fileman | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php. | |||||
| CVE-2018-20524 | 1 Urlchatbox | 1 Chat Anywhere | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP). | |||||
| CVE-2018-20523 | 1 Mi | 37 Redmi 4a, Redmi 4a Firmware, Redmi 5 Plus and 34 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request. | |||||
| CVE-2018-20520 | 1 1234n | 1 Minicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233. | |||||
| CVE-2018-20519 | 1 74cms | 1 74cms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter. | |||||