|
246121
|
5.5 |
MEDIUM
Local
|
xpdfreader
|
xpdf
|
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-18457
|
2024-11-21 12:55 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246122
|
5.5 |
MEDIUM
Local
|
xpdfreader
|
xpdf
|
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, a…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-18456
|
2024-11-21 12:55 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246123
|
5.5 |
MEDIUM
Local
|
xpdfreader
|
xpdf
|
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-18455
|
2024-11-21 12:55 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246124
|
5.5 |
MEDIUM
Local
|
xpdfreader
|
xpdf
|
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
|
CWE-125
Out-of-bounds Read
|
CVE-2018-18454
|
2024-11-21 12:55 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246125
|
9.8 |
CRITICAL
Network
|
pbootcms
|
pbootcms
|
apps\admin\controller\content\SingleController.php in PbootCMS before V1.3.0 build 2018-11-12 has SQL Injection, as demonstrated by the POST data to the admin.php/Single/mod/mcode/1/id/3 URI.
|
CWE-89
SQL Injection
|
CVE-2018-18450
|
2024-11-21 12:55 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246126
|
3.3 |
LOW
Local
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC ve…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2018-18386
|
2024-11-21 12:55 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246127
|
7.8 |
HIGH
Local
|
linux
canonical
redhat
|
linux_kernel
ubuntu_linux
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_tus
enterprise_linux_server_eus
enterprise_linux_s…
|
In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-18445
|
2024-11-21 12:55 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246128
|
8.8 |
HIGH
Network
|
ilm
|
openexr
|
makeMultiView.cpp in exrmultiview in OpenEXR 2.3.0 has an out-of-bounds write, leading to an assertion failure or possibly unspecified other impact.
|
CWE-787
Out-of-bounds Write
|
CVE-2018-18444
|
2024-11-21 12:55 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246129
|
4.3 |
MEDIUM
Network
|
ilm
|
openexr
|
OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2018-18443
|
2024-11-21 12:55 |
2018-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246130
|
5.4 |
MEDIUM
Network
|
schiocco
|
support_board_-_chat_and_help_desk
|
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg par…
|
CWE-79
Cross-site Scripting
|
CVE-2018-18373
|
2024-11-21 12:55 |
2018-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
