Filtered by CWE-20
Total 12468 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-20809 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Policy Secure 2024-11-21 N/A
A crafted message can cause the web server to crash with Pulse Secure Pulse Connect Secure (PCS) 8.3RX before 8.3R5 and Pulse Policy Secure 5.4RX before 5.4R5. This is not applicable to PCS 8.1RX.
CVE-2018-20804 1 Mongodb 1 Mongodb 2024-11-21 6.5 Medium
A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects MongoDB Server v4.0 versions prior to 4.0.10 and MongoDB Server v3.6 versions prior to 3.6.13.
CVE-2018-20800 1 Otrs 1 Otrs 2024-11-21 N/A
An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table.
CVE-2018-20782 1 Globee 1 Woocommerce 2024-11-21 N/A
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.
CVE-2018-20771 1 Xerox 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more 2024-11-21 N/A
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is unauthenticated Remote Command Execution.
CVE-2018-20767 1 Xerox 58 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 55 more 2024-11-21 N/A
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. There is authenticated remote command execution.
CVE-2018-20743 2 Debian, Mumble 2 Debian Linux, Mumble 2024-11-21 N/A
murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood.
CVE-2018-20720 1 Hitachienergy 2 Relion 630, Relion 630 Firmware 2024-11-21 N/A
ABB Relion 630 devices 1.1 before 1.1.0.C0, 1.2 before 1.2.0.B3, and 1.3 before 1.3.0.A6 allow remote attackers to cause a denial of service (reboot) via a reboot command in an SPA message.
CVE-2018-20685 9 Canonical, Debian, Fujitsu and 6 more 30 Ubuntu Linux, Debian Linux, M10-1 and 27 more 2024-11-21 5.3 Medium
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
CVE-2018-20684 1 Winscp 1 Winscp 2024-11-21 N/A
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
CVE-2018-20683 1 Gitolite 1 Gitolite 2024-11-21 N/A
commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.
CVE-2018-20669 3 Canonical, Linux, Netapp 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more 2024-11-21 7.8 High
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation.
CVE-2018-20662 5 Canonical, Debian, Fedoraproject and 2 more 11 Ubuntu Linux, Debian Linux, Fedora and 8 more 2024-11-21 6.5 Medium
In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing.
CVE-2018-20658 1 Coreftp 1 Core Ftp 2024-11-21 N/A
The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote attackers to cause a denial of service (daemon crash) via a crafted XRMD command.
CVE-2018-20650 4 Canonical, Debian, Freedesktop and 1 more 10 Ubuntu Linux, Debian Linux, Poppler and 7 more 2024-11-21 6.5 Medium
A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach.
CVE-2018-20614 1 Cim Project 1 Cim 2024-11-21 N/A
public\install\install.php in CIM 0.9.3 allows remote attackers to reload the product via the public/install/#/step3 URI.
CVE-2018-20580 1 Smartbear 1 Readyapi 2024-11-21 N/A
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
CVE-2018-20575 1 Orange 2 Arv7519rw22 Livebox 2.1, Arv7519rw22 Livebox 2.1 Firmware 2024-11-21 N/A
Orange Livebox 00.96.320S devices have an undocumented /system_firmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2.
CVE-2018-20551 3 Canonical, Freedesktop, Redhat 3 Ubuntu Linux, Poppler, Enterprise Linux 2024-11-21 N/A
A reachable Object::getString assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to construction of invalid rich media annotation assets in the AnnotRichMedia class in Annot.c.
CVE-2018-20539 1 Liblas 1 Liblas 2024-11-21 N/A
There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.