|
246431
|
5.5 |
MEDIUM
Local
|
audiocoding
|
freeware_advanced_audio_decoder_2
|
An invalid memory address dereference was discovered in the lt_prediction function of libfaad/lt_predict.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-20358
|
2024-11-21 13:01 |
2018-12-23 |
|
246432
|
5.5 |
MEDIUM
Local
|
audiocoding
|
freeware_advanced_audio_decoder_2
|
A NULL pointer dereference was discovered in sbr_process_channel of libfaad/sbr_dec.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. The vulnerability causes a segmentation fault and application…
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-20357
|
2024-11-21 13:01 |
2018-12-23 |
|
246433
|
6.1 |
MEDIUM
Network
|
evernote
|
evernote
|
The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832.
|
CWE-79
Cross-site Scripting
|
CVE-2018-20351
|
2024-11-21 13:01 |
2018-12-22 |
|
246434
|
6.5 |
MEDIUM
Network
|
igraph
|
igraph
|
The igraph_i_strdiff function in igraph_trie.c in igraph through 0.7.1 has a NULL pointer dereference that allows attackers to cause a denial of service (application crash) via a crafted object.
|
CWE-476
NULL Pointer Dereference
|
CVE-2018-20349
|
2024-11-21 13:01 |
2018-12-22 |
|
246435
|
5.5 |
MEDIUM
Local
|
libpff_project
|
libpff
|
libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tr…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2018-20348
|
2024-11-21 13:01 |
2018-12-22 |
|
246436
|
9.8 |
CRITICAL
Network
|
definitions_project
|
definitions
|
There is a vulnerability in the load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary Python commands, resulting in command execution.
|
CWE-94
Code Injection
|
CVE-2018-20325
|
2024-11-21 13:01 |
2018-12-22 |
|
246437
|
6.1 |
MEDIUM
Network
|
limesurvey
|
limesurvey
|
LimeSurvey version 3.15.5 contains a cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in JavaScript code execution against LimeSurvey administrators. Fixed in version…
|
CWE-79
Cross-site Scripting
|
CVE-2018-20322
|
2024-11-21 13:01 |
2018-12-22 |
|
246438
|
7.2 |
HIGH
Network
|
thehive-project
|
cortex
|
An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.
|
NVD-CWE-noinfo
|
CVE-2018-20226
|
2024-11-21 13:01 |
2018-12-22 |
|
246439
|
8.8 |
HIGH
Network
|
pulsesecure
|
secure_access_series_ssl_vpn_sa-4000
|
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure Acces…
|
CWE-269
Improper Privilege Management
|
CVE-2018-20193
|
2024-11-21 13:01 |
2018-12-22 |
|
246440
|
8.1 |
HIGH
Network
|
sqlite google redhat debian opensuse
|
sqlite chrome linux debian_linux leap
|
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allow…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2018-20346
|
2024-11-21 13:01 |
2018-12-22 |