Total
12468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20809 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Policy Secure | 2024-11-21 | N/A |
| A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX. | ||||
| CVE-2018-20804 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 6.5 Medium |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13. | ||||
| CVE-2018-20800 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A |
| An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. | ||||
| CVE-2018-20782 | 1 Globee | 1 Woocommerce | 2024-11-21 | N/A |
| The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages. | ||||
| CVE-2018-20771 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | N/A |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution. | ||||
| CVE-2018-20767 | 1 Xerox | 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more | 2024-11-21 | N/A |
| An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution. | ||||
| CVE-2018-20743 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-11-21 | N/A |
| murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | ||||
| CVE-2018-20720 | 1 Hitachienergy | 2 Relion 630, Relion 630 Firmware | 2024-11-21 | N/A |
| ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message. | ||||
| CVE-2018-20685 | 9 Canonical, Debian, Fujitsu and 6 more | 30 Ubuntu Linux, Debian Linux, M10-1 and 27 more | 2024-11-21 | 5.3 Medium |
| In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. | ||||
| CVE-2018-20684 | 1 Winscp | 1 Winscp | 2024-11-21 | N/A |
| In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp. | ||||
| CVE-2018-20683 | 1 Gitolite | 1 Gitolite | 2024-11-21 | N/A |
| commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P. | ||||
| CVE-2018-20669 | 3 Canonical, Linux, Netapp | 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more | 2024-11-21 | 7.8 High |
| An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. | ||||
| CVE-2018-20662 | 5 Canonical, Debian, Fedoraproject and 2 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 6.5 Medium |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | ||||
| CVE-2018-20658 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | N/A |
| The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command. | ||||
| CVE-2018-20650 | 4 Canonical, Debian, Freedesktop and 1 more | 10 Ubuntu Linux, Debian Linux, Poppler and 7 more | 2024-11-21 | 6.5 Medium |
| A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | ||||
| CVE-2018-20614 | 1 Cim Project | 1 Cim | 2024-11-21 | N/A |
| public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI. | ||||
| CVE-2018-20580 | 1 Smartbear | 1 Readyapi | 2024-11-21 | N/A |
| The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. | ||||
| CVE-2018-20575 | 1 Orange | 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware | 2024-11-21 | N/A |
| Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2. | ||||
| CVE-2018-20551 | 3 Canonical, Freedesktop, Redhat | 3 Ubuntu Linux, Poppler, Enterprise Linux | 2024-11-21 | N/A |
| A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c. | ||||
| CVE-2018-20539 | 1 Liblas | 1 Liblas | 2024-11-21 | N/A |
| There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. | ||||